diff --git a/azure-cli.pyproj b/azure-cli.pyproj
index 587757b1fb4..80fcb0a8e73 100644
--- a/azure-cli.pyproj
+++ b/azure-cli.pyproj
@@ -1324,6 +1324,9 @@
+
+
+
diff --git a/src/azure-cli-core/azure/cli/core/profiles/_shared.py b/src/azure-cli-core/azure/cli/core/profiles/_shared.py
index 37d35a07df3..524651b1ce6 100644
--- a/src/azure-cli-core/azure/cli/core/profiles/_shared.py
+++ b/src/azure-cli-core/azure/cli/core/profiles/_shared.py
@@ -134,7 +134,7 @@ def default_api_version(self):
ResourceType.MGMT_RESOURCE_FEATURES: '2015-12-01',
ResourceType.MGMT_RESOURCE_LINKS: '2016-09-01',
ResourceType.MGMT_RESOURCE_LOCKS: '2016-09-01',
- ResourceType.MGMT_RESOURCE_POLICY: '2019-06-01',
+ ResourceType.MGMT_RESOURCE_POLICY: '2019-09-01',
ResourceType.MGMT_RESOURCE_RESOURCES: '2019-07-01',
ResourceType.MGMT_RESOURCE_SUBSCRIPTIONS: '2016-06-01',
ResourceType.MGMT_NETWORK_DNS: '2018-05-01',
diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py
index c4ba92ddbe5..0ceedf3c3d9 100644
--- a/src/azure-cli-core/setup.py
+++ b/src/azure-cli-core/setup.py
@@ -69,7 +69,7 @@
'requests~=2.20',
'six~=1.12',
'wheel==0.30.0',
- 'azure-mgmt-resource~=4.0',
+ 'azure-mgmt-resource~=6.0',
]
TESTS_REQUIRE = [
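Review bot: The new requirement `'azure-mgmt-resource~=6.0'` accepts any 6.x release, while the tox.ini hunk in this same commit tests against `azure-mgmt-resource~=6.0.0`, which accepts only 6.0.x. An install can therefore resolve to a minor release that the test environment never exercised. If the narrower range is the intended one, write `'azure-mgmt-resource~=6.0.0',` here so both files agree; otherwise widen the tox.ini line to match. The list this entry belongs to starts outside the hunk.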
diff --git a/src/azure-cli-core/tox.ini b/src/azure-cli-core/tox.ini
index 8f4dd9b091e..d66b18261df 100644
--- a/src/azure-cli-core/tox.ini
+++ b/src/azure-cli-core/tox.ini
@@ -6,6 +6,6 @@ skip_missing_interpreters = True
deps = pytest
mock
pip
- azure-mgmt-resource~=4.0.0
+ azure-mgmt-resource~=6.0.0
-e ../azure-cli-telemetry
commands = pytest
diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst
index 7e8e38600d3..5d989ef138d 100644
--- a/src/azure-cli/HISTORY.rst
+++ b/src/azure-cli/HISTORY.rst
@@ -11,6 +11,10 @@ Release History
* Fix issue #11217: webapp: az webapp config ssl upload should support slot parameter
+**ARM**
+
+* Update azure-mgmt-resource package to use 6.0.0
+
**Compute**
* vmss create/update: Add --scale-in-policy, which decides which virtual machines are chosen for removal when a VMSS is scaled-in
@@ -41,6 +45,11 @@ Release History
* Add back edge builds for pip install
* Add Ubuntu eoan package
+**Policy**
+
+* Support for Policy API version 2019-09-01.
+* az policy set-definition: Support grouping within policy set definitions with `--definition-groups` parameter
+
**Storage**
* GA Release Large File Shares property for storage account create and update command
diff --git a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation.yaml b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation.yaml
index 3639d260c96..1a919a67ff9 100644
--- a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation.yaml
+++ b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation.yaml
@@ -13,12 +13,12 @@ interactions:
ParameterSetName:
- --policy -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -31,7 +31,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:41:56 GMT
+ - Mon, 09 Dec 2019 19:19:29 GMT
expires:
- '-1'
pragma:
@@ -57,12 +57,12 @@ interactions:
ParameterSetName:
- --policy -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
@@ -75,7 +75,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:41:56 GMT
+ - Mon, 09 Dec 2019 19:19:29 GMT
expires:
- '-1'
pragma:
@@ -111,15 +111,15 @@ interactions:
ParameterSetName:
- --policy -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:41:57.3512047Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:31.4629037Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"}'
headers:
cache-control:
- no-cache
@@ -128,7 +128,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:41:57 GMT
+ - Mon, 09 Dec 2019 19:19:30 GMT
expires:
- '-1'
pragma:
@@ -156,43 +156,46 @@ interactions:
ParameterSetName:
- -n -g -a
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:20:35.6915066Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:55:10.085408Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3d2a442d40524196b8fd7dc7","type":"Microsoft.Authorization/policyAssignments","name":"3d2a442d40524196b8fd7dc7","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:39:07.4803303Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:15:13.7247168Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/4350056039914afd8e15a322","type":"Microsoft.Authorization/policyAssignments","name":"4350056039914afd8e15a322","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Diagnostic logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:49.256093Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T00:25:57.4933757Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8550b144d33b4f5b8fee28b5","type":"Microsoft.Authorization/policyAssignments","name":"8550b144d33b4f5b8fee28b5"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Diagnostic
- logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:32.4535073Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/96dbe57cce5c4513a5366b1c","type":"Microsoft.Authorization/policyAssignments","name":"96dbe57cce5c4513a5366b1c"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:38:50.3438318Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-08-26T19:55:37.4449707Z"},"enforcementMode":"Default"},"identity":{"principalId":"64f2ce47-849a-4587-afb3-3dc011037096","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/a10235c6e3164c90a2774803","type":"Microsoft.Authorization/policyAssignments","name":"a10235c6e3164c90a2774803","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:41:57.3512047Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"GOKMENH
- Test Incident","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"productName"}},"description":"GOKMENH
- test MG take 2","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T16:04:47.2740504Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T17:44:31.7743392Z","parameterScopes":{}},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/gokmenhPolicyAssignment","type":"Microsoft.Authorization/policyAssignments","name":"gokmenhPolicyAssignment"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 6e96e86b-389d-47df-926f-699d040c58f7)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{},"description":"This
- is the default set of policies monitored by Azure Security Center. It was
- automatically assigned as part of onboarding to Security Center. The default
- assignment contains only audit policies. For more information please visit
- https://aka.ms/ascpolicies","metadata":{"assignedBy":"Security Center","createdBy":"6878917f-bc1d-4e4e-bb24-12924205b215","createdOn":"2019-02-19T21:00:49.9837993Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"1","metadata":{"assignedBy":"Jin
- Soon Lim","parameterScopes":{},"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T21:02:59.4330616Z","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedOn":"2019-06-07T21:12:59.8524735Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ce3fe2b4e1744039bed1d6a2","type":"Microsoft.Authorization/policyAssignments","name":"ce3fe2b4e1744039bed1d6a2","location":"eastus"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:31.4629037Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '8153'
+ - '11280'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:41:57 GMT
+ - Mon, 09 Dec 2019 19:19:32 GMT
expires:
- '-1'
pragma:
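Review bot: The re-recorded body of the subscription-scope `policyAssignments` list response contains data from assignments unrelated to this test: personal names in `assignedBy`, and directory identifiers in `createdBy`, `updatedBy`, `principalId`, `tenantId` and a `userObjectId` parameter value. Only the subscription id is replaced with zeros. Consider scrubbing those fields before the recording is committed, or recording in a subscription that holds only the test's own assignment, which would also stop the cassette from depending on ambient subscription state. The same unscrubbed `createdBy` value also appears in the PUT response in the `@@ -111,15 +111,15 @@` hunk.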
@@ -226,24 +229,24 @@ interactions:
ParameterSetName:
- -n -g -a
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:41:59.1899252Z","lastUpdatedOn":"2019-09-10T18:41:59.2680095Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:33.9610388Z","lastUpdatedOn":"2019-12-09T19:19:34.0288015Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '762'
+ - '779'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:41:59 GMT
+ - Mon, 09 Dec 2019 19:19:33 GMT
expires:
- '-1'
pragma:
@@ -255,9 +258,9 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '598'
x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
+ - '1198'
status:
code: 201
message: Created
@@ -275,24 +278,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:41:59.1899252Z","lastUpdatedOn":"2019-09-10T18:41:59.2680095Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:33.9610388Z","lastUpdatedOn":"2019-12-09T19:19:34.0288015Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '762'
+ - '779'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:00 GMT
+ - Mon, 09 Dec 2019 19:19:34 GMT
expires:
- '-1'
pragma:
@@ -326,24 +329,24 @@ interactions:
ParameterSetName:
- -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:41:59.1899252Z","lastUpdatedOn":"2019-09-10T18:41:59.2680095Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:33.9610388Z","lastUpdatedOn":"2019-12-09T19:19:34.0288015Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '774'
+ - '791'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:00 GMT
+ - Mon, 09 Dec 2019 19:19:35 GMT
expires:
- '-1'
pragma:
@@ -379,8 +382,8 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -396,7 +399,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:01 GMT
+ - Mon, 09 Dec 2019 19:19:36 GMT
expires:
- '-1'
pragma:
@@ -412,7 +415,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '597'
status:
code: 200
message: OK
@@ -432,24 +435,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:41:59.1899252Z","lastUpdatedOn":"2019-09-10T18:41:59.2680095Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:33.9610388Z","lastUpdatedOn":"2019-12-09T19:19:34.0288015Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '762'
+ - '779'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:02 GMT
+ - Mon, 09 Dec 2019 19:19:38 GMT
expires:
- '-1'
pragma:
@@ -467,7 +470,7 @@ interactions:
x-ms-ratelimit-remaining-subscription-deletes:
- '14999'
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '598'
+ - '597'
status:
code: 200
message: OK
@@ -485,8 +488,8 @@ interactions:
ParameterSetName:
- -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -502,7 +505,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:03 GMT
+ - Mon, 09 Dec 2019 19:19:39 GMT
expires:
- '-1'
pragma:
@@ -518,7 +521,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '597'
status:
code: 200
message: OK
@@ -536,43 +539,46 @@ interactions:
ParameterSetName:
- -n -a --location-filters
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:20:35.6915066Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:55:10.085408Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3d2a442d40524196b8fd7dc7","type":"Microsoft.Authorization/policyAssignments","name":"3d2a442d40524196b8fd7dc7","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:39:07.4803303Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:15:13.7247168Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/4350056039914afd8e15a322","type":"Microsoft.Authorization/policyAssignments","name":"4350056039914afd8e15a322","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Diagnostic logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:49.256093Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T00:25:57.4933757Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8550b144d33b4f5b8fee28b5","type":"Microsoft.Authorization/policyAssignments","name":"8550b144d33b4f5b8fee28b5"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Diagnostic
- logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:32.4535073Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/96dbe57cce5c4513a5366b1c","type":"Microsoft.Authorization/policyAssignments","name":"96dbe57cce5c4513a5366b1c"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:38:50.3438318Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-08-26T19:55:37.4449707Z"},"enforcementMode":"Default"},"identity":{"principalId":"64f2ce47-849a-4587-afb3-3dc011037096","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/a10235c6e3164c90a2774803","type":"Microsoft.Authorization/policyAssignments","name":"a10235c6e3164c90a2774803","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:41:57.3512047Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"GOKMENH
- Test Incident","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"productName"}},"description":"GOKMENH
- test MG take 2","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T16:04:47.2740504Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T17:44:31.7743392Z","parameterScopes":{}},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/gokmenhPolicyAssignment","type":"Microsoft.Authorization/policyAssignments","name":"gokmenhPolicyAssignment"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 6e96e86b-389d-47df-926f-699d040c58f7)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{},"description":"This
- is the default set of policies monitored by Azure Security Center. It was
- automatically assigned as part of onboarding to Security Center. The default
- assignment contains only audit policies. For more information please visit
- https://aka.ms/ascpolicies","metadata":{"assignedBy":"Security Center","createdBy":"6878917f-bc1d-4e4e-bb24-12924205b215","createdOn":"2019-02-19T21:00:49.9837993Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"1","metadata":{"assignedBy":"Jin
- Soon Lim","parameterScopes":{},"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T21:02:59.4330616Z","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedOn":"2019-06-07T21:12:59.8524735Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ce3fe2b4e1744039bed1d6a2","type":"Microsoft.Authorization/policyAssignments","name":"ce3fe2b4e1744039bed1d6a2","location":"eastus"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:31.4629037Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '8153'
+ - '11280'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:03 GMT
+ - Mon, 09 Dec 2019 19:19:40 GMT
expires:
- '-1'
pragma:
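Review bot: The re-recorded `policyAssignments` list response in this hunk (the `+ string:` body) still carries identity data from the subscription it was recorded against, even though the subscription ID is replaced with zeros. It includes `assignedBy` display names, `createdBy`/`updatedBy` and `principalId` object IDs, a `tenantId`, and a `userObjectId` parameter value. Because the call lists every assignment in the subscription, the cassette also captures assignments unrelated to `azurecli-test-policy-assignment000003`, and the body grew from `'8153'` to `'11280'` bytes. Before committing, scrub these fields the same way the subscription ID is scrubbed, e.g. `"assignedBy":"<redacted>"` and `"tenantId":"00000000-0000-0000-0000-000000000000"`, or re-record in a subscription that holds only the test's own assignment. The removed side of this hunk had the same kind of content, so this looks like a gap in the recording filter rather than something new in this commit.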
@@ -607,24 +613,24 @@ interactions:
ParameterSetName:
- -n -a --location-filters
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:05.1195317Z","lastUpdatedOn":"2019-09-10T18:42:05.1976897Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:41.6032796Z","lastUpdatedOn":"2019-12-09T19:19:41.6744743Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '706'
+ - '723'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:05 GMT
+ - Mon, 09 Dec 2019 19:19:41 GMT
expires:
- '-1'
pragma:
@@ -636,7 +642,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '597'
+ - '599'
x-ms-ratelimit-remaining-subscription-writes:
- '1199'
status:
@@ -656,24 +662,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:05.1195317Z","lastUpdatedOn":"2019-09-10T18:42:05.1976897Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:41.6032796Z","lastUpdatedOn":"2019-12-09T19:19:41.6744743Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '706'
+ - '723'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:06 GMT
+ - Mon, 09 Dec 2019 19:19:42 GMT
expires:
- '-1'
pragma:
@@ -689,7 +695,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '596'
status:
code: 200
message: OK
@@ -705,24 +711,24 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:05.1195317Z","lastUpdatedOn":"2019-09-10T18:42:05.1976897Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T22:02:18.1478267Z","lastUpdatedOn":"2019-08-19T22:03:47.7594204Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","name":"3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T21:22:51.7652784Z","lastUpdatedOn":"2019-08-19T21:26:24.2816754Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/f67094f7-575c-403b-90e8-4c8dd81d83f8","name":"f67094f7-575c-403b-90e8-4c8dd81d83f8","type":"Microsoft.P
olicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:41.6032796Z","lastUpdatedOn":"2019-12-09T19:19:41.6744743Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ee5909f9ee3f4c12bbed6efc","provisioningState":"Succeeded","createdOn":"2019-12-06T17:12:58.086026Z","lastUpdatedOn":"2019-12-06T17:13:03.6652843Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41e-961e-4d6c-b4d9-885fb8431e86","name":"8ce9b41e-961e-4d6c-b4d9-885fb8431e86","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-06T17:11:01.6783426Z","lastUpdatedOn":"2019-12-06T17:12:06.3368733Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41
e-961e-4d6c-b4d9-885fb84317de","name":"8ce9b41e-961e-4d6c-b4d9-885fb84317de","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-05T23:59:22.5426377Z","lastUpdatedOn":"2019-12-06T00:16:37.9076359Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/5e4dfa62-0135-4b07-aeca-6e8adc22dd51","name":"5e4dfa62-0135-4b07-aeca-6e8adc22dd51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T22:46:28.300423Z","lastUpdatedOn":"2019-11-20T22:59:42.573969Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/83f16767-13cd-4f8d-a3b6-0277c8b8434f","name":"83f16767-13cd-4f8d-a3b6-0277c8b8434f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/b8ee29b617cf4511bfd3576a","provisioningState":"Succeeded","createdOn":"2019-11-20T22:21:38.6620359Z","lastUpdatedOn":"2019-11-20T22:34:52.7544687Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/1
692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","name":"1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/de8bf152374f4ec98bd325c0","provisioningState":"Succeeded","createdOn":"2019-11-20T19:51:33.8798813Z","lastUpdatedOn":"2019-11-20T19:55:37.5417252Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/ddbad8cb-6331-43ca-9b13-99b4d1defa46","name":"ddbad8cb-6331-43ca-9b13-99b4d1defa46","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/a866c7a2182841e7bf5b1549","provisioningState":"Succeeded","createdOn":"2019-11-20T19:42:54.5560951Z","lastUpdatedOn":"2019-11-20T19:56:07.1530707Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fab544c4-8c5d-4410-a7ad-1048bade0369","name":"fab544c4-8c5d-4410-a7ad-1048bade0369","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-20T19:30:51.898276Z","lastUpdatedOn":"2019-11-20T19:34:55.4495051Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000
000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","name":"c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:21:38.0285209Z","lastUpdatedOn":"2019-11-20T19:34:54.6751894Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:08:38.8771741Z","lastUpdatedOn":"2019-11-20T19:08:44.7475064Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e366","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e366","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:44:04.9510566Z","lastUpdatedOn":"2019-11-13T18:45:06.9985655Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0
000-000000000000/providers/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb0611277bb","name":"a455cddb-231e-4dcd-ba7b-5fb0611277bb","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:41:48.8749871Z","lastUpdatedOn":"2019-11-13T18:42:51.3667048Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb061127104","name":"a455cddb-231e-4dcd-ba7b-5fb061127104","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-13T17:33:31.9675708Z","lastUpdatedOn":"2019-11-13T17:43:44.3179039Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/6df1a796-a2c6-4878-a971-572526f98a51","name":"6df1a796-a2c6-4878-a971-572526f98a51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:25:25.6600687Z","lastUpdatedOn":"2019-11-12T22:31:33.0973891Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/
00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/4c4fb0f9-e88f-444b-948b-8935457a8245","name":"4c4fb0f9-e88f-444b-948b-8935457a8245","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:23:51.6839202Z","lastUpdatedOn":"2019-11-12T22:33:02.7165829Z","deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/53a6e05e-ff61-404a-a281-ececc58d3ee9","name":"53a6e05e-ff61-404a-a281-ececc58d3ee9","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:12:52.24389Z","lastUpdatedOn":"2019-11-12T22:14:56.14781Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","northcentralus","southcentralus","northeurope","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/53a6e05e-ff61-4
04a-a281-ececc58d3180","name":"53a6e05e-ff61-404a-a281-ececc58d3180","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Canceled","createdOn":"2019-11-12T22:09:26.338598Z","lastUpdatedOn":"2019-11-12T22:12:29.5890312Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/d1d6c99b-c492-4c53-a7ff-fba2894350c3","name":"d1d6c99b-c492-4c53-a7ff-fba2894350c3","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:07:15.3462611Z","lastUpdatedOn":"2019-11-12T22:15:25.230365Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/7643ec2e-bcbb-414c-b881-e3d84b700005","name":"7643ec2e-bcbb-414c-b881-e3d84b700005","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T20:14:29.1123172Z","lastUpdatedOn":"2019-11-12T20:22:37.0637093Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/297ca4c3-1
3b0-4848-b032-32f194359002","name":"297ca4c3-13b0-4848-b032-32f194359002","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:50:36.2222417Z","lastUpdatedOn":"2019-11-12T19:58:47.8025008Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0a61d5c6-843e-4288-be9a-b3056fcb935b","name":"0a61d5c6-843e-4288-be9a-b3056fcb935b","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:40:12.9323826Z","lastUpdatedOn":"2019-11-12T19:48:24.093845Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral","norwaywest","norwayeast"]},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/25bd6db4-fca4-4242-b1cd-cc9432d93001","name":"25bd6db4-fca4-4242-b1cd-cc9432d93001","type":"Microsoft.PolicyInsights
/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:52:59.9074676Z","lastUpdatedOn":"2019-11-06T23:53:05.6321787Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/583875f8-4a79-4661-8300-9b583e3456bd","name":"583875f8-4a79-4661-8300-9b583e3456bd","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:27:09.9354594Z","lastUpdatedOn":"2019-11-06T23:27:10.0135949Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/21c95410-09fb-4c9d-a65d-b0371b932404","name":"21c95410-09fb-4c9d-a65d-b0371b932404","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T21:19:12.9525703Z","lastUpdatedOn":"2019-11-06T21:19:13.0307779Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/783b589e-86ba-41dd-a73a-2f7e31
bda360","name":"783b589e-86ba-41dd-a73a-2f7e31bda360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T17:54:38.3759193Z","lastUpdatedOn":"2019-11-06T17:54:38.4540942Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fc2ff254-b71f-4fbf-8595-af076c8e3360","name":"fc2ff254-b71f-4fbf-8595-af076c8e3360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T20:42:10.8285279Z","lastUpdatedOn":"2019-08-07T20:42:16.1223288Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a9a2c516-3752-454c-8275-141c7895b5e7","name":"a9a2c516-3752-454c-8275-141c7895b5e7","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T01:09:19.4751632Z","lastUpdatedOn":"2019-08-07T01:09:19.4908118Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-00000
0000000/providers/microsoft.policyinsights/remediations/175cf8a7-d9ca-45c8-a464-64e46b12a84f","name":"175cf8a7-d9ca-45c8-a464-64e46b12a84f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T00:54:24.3578018Z","lastUpdatedOn":"2019-08-07T00:54:24.3734662Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0524898a-cd4b-49e1-a0db-ed438c69dc7e","name":"0524898a-cd4b-49e1-a0db-ed438c69dc7e","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-06T15:02:33.1065661Z","lastUpdatedOn":"2019-08-06T15:02:33.1221582Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0185cd8b-3684-47fa-b782-5663143612f5","name":"0185cd8b-3684-47fa-b782-5663143612f5","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '2040'
+ - '21555'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:06 GMT
+ - Mon, 09 Dec 2019 19:19:43 GMT
expires:
- '-1'
pragma:
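Review bot: The re-recorded list response on the `+ string:` line of this hunk stores every remediation that existed in the live subscription, not only `azurecli-test-remediation000004`. The body grows from content-length `2040` to `21555` and now includes a resource group name (`resourcegroups/cheggrg`) plus a few dozen policy assignment and remediation ids that the test did not create. Only the subscription id is replaced with zeros, so these environment-specific names are committed as they were returned. I would re-record against a subscription with no unrelated remediations, or scrub the response before it is written, for example replacing `resourcegroups/cheggrg` with a placeholder resource group name. The same applies to the list response in the later `@@ -862,24 +868,24 @@` hunk, and any assertion on this list now presumably depends on subscription state at recording time.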
@@ -738,7 +744,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '597'
+ - '595'
status:
code: 200
message: OK
@@ -758,8 +764,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -775,7 +781,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:06 GMT
+ - Mon, 09 Dec 2019 19:19:44 GMT
expires:
- '-1'
pragma:
@@ -811,24 +817,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:05.1195317Z","lastUpdatedOn":"2019-09-10T18:42:05.1976897Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:41.6032796Z","lastUpdatedOn":"2019-12-09T19:19:41.6744743Z","filters":{"locations":["westus"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '706'
+ - '723'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:08 GMT
+ - Mon, 09 Dec 2019 19:19:46 GMT
expires:
- '-1'
pragma:
@@ -846,7 +852,7 @@ interactions:
x-ms-ratelimit-remaining-subscription-deletes:
- '14999'
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '596'
+ - '598'
status:
code: 200
message: OK
@@ -862,24 +868,24 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T22:02:18.1478267Z","lastUpdatedOn":"2019-08-19T22:03:47.7594204Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","name":"3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T21:22:51.7652784Z","lastUpdatedOn":"2019-08-19T21:26:24.2816754Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/f67094f7-575c-403b-90e8-4c8dd81d83f8","name":"f67094f7-575c-403b-90e8-4c8dd81d83f8","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ee5909f9ee3f4c12bbed6efc","provisioningState":"Succeeded","createdOn":"2019-12-06T17:12:58.086026Z","lastUpdatedOn":"2019-12-06T17:13:03.6652843Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41e-961e-4d6c-b4d9-885fb8431e86","name":"8ce9b41e-961e-4d6c-b4d9-885fb8431e86","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-06T17:11:01.6783426Z","lastUpdatedOn":"2019-12-06T17:12:06.3368733Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41e-961e-4d6c-b4d9-885fb84317de","name":"8ce9b41e-961e-4d6c-b4d9-885fb84317de","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-05T23:59:22.5426377Z","lastUpdatedOn":"2019-12-06T00:16:37.9076359Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/5e4dfa62-0135-4b07-aeca-6e8adc22
dd51","name":"5e4dfa62-0135-4b07-aeca-6e8adc22dd51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T22:46:28.300423Z","lastUpdatedOn":"2019-11-20T22:59:42.573969Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/83f16767-13cd-4f8d-a3b6-0277c8b8434f","name":"83f16767-13cd-4f8d-a3b6-0277c8b8434f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/b8ee29b617cf4511bfd3576a","provisioningState":"Succeeded","createdOn":"2019-11-20T22:21:38.6620359Z","lastUpdatedOn":"2019-11-20T22:34:52.7544687Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","name":"1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/de8bf152374f4ec98bd325c0","provisioningState":"Succeeded","createdOn":"2019-11-20T19:51:33.8798813Z","lastUpdatedOn":"2019-11-20T19:55:37.5417252Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/ddbad8cb-6331-43ca-9b13-99b4d1defa46","
name":"ddbad8cb-6331-43ca-9b13-99b4d1defa46","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/a866c7a2182841e7bf5b1549","provisioningState":"Succeeded","createdOn":"2019-11-20T19:42:54.5560951Z","lastUpdatedOn":"2019-11-20T19:56:07.1530707Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fab544c4-8c5d-4410-a7ad-1048bade0369","name":"fab544c4-8c5d-4410-a7ad-1048bade0369","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-20T19:30:51.898276Z","lastUpdatedOn":"2019-11-20T19:34:55.4495051Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","name":"c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:21:38.0285209Z","lastUpdatedOn":"2019-11-20T19:34:54.6751894Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyin
sights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:08:38.8771741Z","lastUpdatedOn":"2019-11-20T19:08:44.7475064Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e366","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e366","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:44:04.9510566Z","lastUpdatedOn":"2019-11-13T18:45:06.9985655Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb0611277bb","name":"a455cddb-231e-4dcd-ba7b-5fb0611277bb","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:41:48.8749871Z","lastUpdatedOn":"2019-11-13T18:42:51.3667048Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers
/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb061127104","name":"a455cddb-231e-4dcd-ba7b-5fb061127104","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-13T17:33:31.9675708Z","lastUpdatedOn":"2019-11-13T17:43:44.3179039Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/6df1a796-a2c6-4878-a971-572526f98a51","name":"6df1a796-a2c6-4878-a971-572526f98a51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:25:25.6600687Z","lastUpdatedOn":"2019-11-12T22:31:33.0973891Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/4c4fb0f9-e88f-444b-948b-8935457a8245","name":"4c4fb0f9-e88f-444b-948b-8935457a8245","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:23:51.6839202Z","lastUpdatedOn":"2019-11-12T22:33:02.7165829Z","deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/p
roviders/microsoft.policyinsights/remediations/53a6e05e-ff61-404a-a281-ececc58d3ee9","name":"53a6e05e-ff61-404a-a281-ececc58d3ee9","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:12:52.24389Z","lastUpdatedOn":"2019-11-12T22:14:56.14781Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","northcentralus","southcentralus","northeurope","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/53a6e05e-ff61-404a-a281-ececc58d3180","name":"53a6e05e-ff61-404a-a281-ececc58d3180","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Canceled","createdOn":"2019-11-12T22:09:26.338598Z","lastUpdatedOn":"2019-11-12T22:12:29.5890312Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/d1d6c99b-c492-4c53-a7ff-fba2894350c3","name":"d1d6c99b-
c492-4c53-a7ff-fba2894350c3","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:07:15.3462611Z","lastUpdatedOn":"2019-11-12T22:15:25.230365Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/7643ec2e-bcbb-414c-b881-e3d84b700005","name":"7643ec2e-bcbb-414c-b881-e3d84b700005","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T20:14:29.1123172Z","lastUpdatedOn":"2019-11-12T20:22:37.0637093Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/297ca4c3-13b0-4848-b032-32f194359002","name":"297ca4c3-13b0-4848-b032-32f194359002","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:50:36.2222417Z","lastUpdatedOn":"2019-11-12T19:58:47.8025008Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0a61d5c6-843e-4288-be9a-b3056fcb935
b","name":"0a61d5c6-843e-4288-be9a-b3056fcb935b","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:40:12.9323826Z","lastUpdatedOn":"2019-11-12T19:48:24.093845Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral","norwaywest","norwayeast"]},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/25bd6db4-fca4-4242-b1cd-cc9432d93001","name":"25bd6db4-fca4-4242-b1cd-cc9432d93001","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:52:59.9074676Z","lastUpdatedOn":"2019-11-06T23:53:05.6321787Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/583875f8-4a79-4661-8300-9b583e3456bd","name":"583875f8-4a79-4661-8300-9b583e3456bd","type":"Microsoft.PolicyInsights/remediations"},{"propert
ies":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:27:09.9354594Z","lastUpdatedOn":"2019-11-06T23:27:10.0135949Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/21c95410-09fb-4c9d-a65d-b0371b932404","name":"21c95410-09fb-4c9d-a65d-b0371b932404","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T21:19:12.9525703Z","lastUpdatedOn":"2019-11-06T21:19:13.0307779Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/783b589e-86ba-41dd-a73a-2f7e31bda360","name":"783b589e-86ba-41dd-a73a-2f7e31bda360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T17:54:38.3759193Z","lastUpdatedOn":"2019-11-06T17:54:38.4540942Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fc2
ff254-b71f-4fbf-8595-af076c8e3360","name":"fc2ff254-b71f-4fbf-8595-af076c8e3360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T20:42:10.8285279Z","lastUpdatedOn":"2019-08-07T20:42:16.1223288Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a9a2c516-3752-454c-8275-141c7895b5e7","name":"a9a2c516-3752-454c-8275-141c7895b5e7","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T01:09:19.4751632Z","lastUpdatedOn":"2019-08-07T01:09:19.4908118Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/175cf8a7-d9ca-45c8-a464-64e46b12a84f","name":"175cf8a7-d9ca-45c8-a464-64e46b12a84f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T00:54:24.3578018Z","lastUpdatedOn":"2019-08-07T00:54:24.3734662Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microso
ft.policyinsights/remediations/0524898a-cd4b-49e1-a0db-ed438c69dc7e","name":"0524898a-cd4b-49e1-a0db-ed438c69dc7e","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-06T15:02:33.1065661Z","lastUpdatedOn":"2019-08-06T15:02:33.1221582Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0185cd8b-3684-47fa-b782-5663143612f5","name":"0185cd8b-3684-47fa-b782-5663143612f5","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '1333'
+ - '20831'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:08 GMT
+ - Mon, 09 Dec 2019 19:19:46 GMT
expires:
- '-1'
pragma:
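Review bot: The re-recorded `+ string:` body for the remediation list call in this hunk holds every remediation in the recording subscription, not only the one the test created. The content-length grows from '1333' to '20831', and the entries carry policy assignment IDs, remediation GUIDs and a resource group name (`cheggrg`) unrelated to `azurecli-test-remediation000004`. Only the subscription ID is replaced with zeros, so the rest of the response is committed as captured. I would re-record against a subscription with no unrelated remediations, or have the recording scrubber reduce the `value` array to the test's own resources before the cassette is written. The visible part of the later hunk at `@@ -913,43 +919,46 @@` has the same problem in the policy assignment list, where `tenantId`, `principalId`, `createdBy` GUIDs and `assignedBy` display names are recorded unmasked.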
@@ -895,7 +901,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '598'
+ - '596'
status:
code: 200
message: OK
@@ -913,43 +919,46 @@ interactions:
ParameterSetName:
- -n -a -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:20:35.6915066Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:55:10.085408Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3d2a442d40524196b8fd7dc7","type":"Microsoft.Authorization/policyAssignments","name":"3d2a442d40524196b8fd7dc7","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:39:07.4803303Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:15:13.7247168Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/4350056039914afd8e15a322","type":"Microsoft.Authorization/policyAssignments","name":"4350056039914afd8e15a322","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Diagnostic logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:49.256093Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T00:25:57.4933757Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8550b144d33b4f5b8fee28b5","type":"Microsoft.Authorization/policyAssignments","name":"8550b144d33b4f5b8fee28b5"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Diagnostic
- logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:32.4535073Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/96dbe57cce5c4513a5366b1c","type":"Microsoft.Authorization/policyAssignments","name":"96dbe57cce5c4513a5366b1c"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:38:50.3438318Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-08-26T19:55:37.4449707Z"},"enforcementMode":"Default"},"identity":{"principalId":"64f2ce47-849a-4587-afb3-3dc011037096","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/a10235c6e3164c90a2774803","type":"Microsoft.Authorization/policyAssignments","name":"a10235c6e3164c90a2774803","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:41:57.3512047Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"GOKMENH
- Test Incident","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"productName"}},"description":"GOKMENH
- test MG take 2","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T16:04:47.2740504Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T17:44:31.7743392Z","parameterScopes":{}},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/gokmenhPolicyAssignment","type":"Microsoft.Authorization/policyAssignments","name":"gokmenhPolicyAssignment"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 6e96e86b-389d-47df-926f-699d040c58f7)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{},"description":"This
- is the default set of policies monitored by Azure Security Center. It was
- automatically assigned as part of onboarding to Security Center. The default
- assignment contains only audit policies. For more information please visit
- https://aka.ms/ascpolicies","metadata":{"assignedBy":"Security Center","createdBy":"6878917f-bc1d-4e4e-bb24-12924205b215","createdOn":"2019-02-19T21:00:49.9837993Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"1","metadata":{"assignedBy":"Jin
- Soon Lim","parameterScopes":{},"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T21:02:59.4330616Z","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedOn":"2019-06-07T21:12:59.8524735Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ce3fe2b4e1744039bed1d6a2","type":"Microsoft.Authorization/policyAssignments","name":"ce3fe2b4e1744039bed1d6a2","location":"eastus"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:31.4629037Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '8153'
+ - '11280'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:09 GMT
+ - Mon, 09 Dec 2019 19:19:48 GMT
expires:
- '-1'
pragma:
@@ -983,24 +992,24 @@ interactions:
ParameterSetName:
- -n -a -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.Storage/storageAccounts/cliremediation000002/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:10.6750486Z","lastUpdatedOn":"2019-09-10T18:42:10.7555505Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:49.9627549Z","lastUpdatedOn":"2019-12-09T19:19:50.0400737Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '831'
+ - '848'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:11 GMT
+ - Mon, 09 Dec 2019 19:19:49 GMT
expires:
- '-1'
pragma:
@@ -1012,9 +1021,9 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '595'
+ - '594'
x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
+ - '1197'
status:
code: 201
message: Created
@@ -1032,24 +1041,24 @@ interactions:
ParameterSetName:
- -n -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.Storage/storageAccounts/cliremediation000002/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:10.6750486Z","lastUpdatedOn":"2019-09-10T18:42:10.7555505Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:49.9627549Z","lastUpdatedOn":"2019-12-09T19:19:50.0400737Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '831'
+ - '848'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:11 GMT
+ - Mon, 09 Dec 2019 19:19:50 GMT
expires:
- '-1'
pragma:
@@ -1065,7 +1074,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '597'
status:
code: 200
message: OK
@@ -1083,24 +1092,24 @@ interactions:
ParameterSetName:
- -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.Storage/storageAccounts/cliremediation000002/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:10.6750486Z","lastUpdatedOn":"2019-09-10T18:42:10.7555505Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:49.9627549Z","lastUpdatedOn":"2019-12-09T19:19:50.0400737Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '843'
+ - '860'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:11 GMT
+ - Mon, 09 Dec 2019 19:19:51 GMT
expires:
- '-1'
pragma:
@@ -1136,8 +1145,8 @@ interactions:
ParameterSetName:
- -n -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -1153,7 +1162,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:12 GMT
+ - Mon, 09 Dec 2019 19:19:52 GMT
expires:
- '-1'
pragma:
@@ -1169,7 +1178,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '594'
+ - '596'
status:
code: 200
message: OK
@@ -1189,24 +1198,24 @@ interactions:
ParameterSetName:
- -n -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_remediation000001/providers/Microsoft.Storage/storageAccounts/cliremediation000002/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000004?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-09-10T18:42:10.6750486Z","lastUpdatedOn":"2019-09-10T18:42:10.7555505Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000003","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:49.9627549Z","lastUpdatedOn":"2019-12-09T19:19:50.0400737Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_remediation000001/providers/microsoft.storage/storageaccounts/cliremediation000002/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000004","name":"azurecli-test-remediation000004","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '831'
+ - '848'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:13 GMT
+ - Mon, 09 Dec 2019 19:19:54 GMT
expires:
- '-1'
pragma:
@@ -1224,7 +1233,7 @@ interactions:
x-ms-ratelimit-remaining-subscription-deletes:
- '14999'
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '593'
+ - '594'
status:
code: 200
message: OK
@@ -1242,8 +1251,8 @@ interactions:
ParameterSetName:
- -g --namespace --resource-type --resource
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -1259,7 +1268,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:13 GMT
+ - Mon, 09 Dec 2019 19:19:55 GMT
expires:
- '-1'
pragma:
@@ -1275,7 +1284,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '592'
+ - '593'
status:
code: 200
message: OK
@@ -1295,15 +1304,15 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:41:57.3512047Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:31.4629037Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000003","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000003"}'
headers:
cache-control:
- no-cache
@@ -1312,7 +1321,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:42:15 GMT
+ - Mon, 09 Dec 2019 19:19:56 GMT
expires:
- '-1'
pragma:
diff --git a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_complete.yaml b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_complete.yaml
index 2406a0522f9..9398f4ec254 100644
--- a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_complete.yaml
+++ b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_complete.yaml
@@ -13,27 +13,26 @@ interactions:
ParameterSetName:
- -g -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/cd7ac64c77ec441dbff7af7c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/2a47116300b347c599c4c4d3?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- prerequisites to audit Windows VMs that do not have the specified Windows
- PowerShell execution policy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test","notScopes":[],"parameters":{"ExecutionPolicy":{"value":"Restricted"}},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T19:22:58.0436328Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"identity":{"principalId":"24b25701-4dc9-4640-87c6-084146488688","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/cd7ac64c77ec441dbff7af7c","type":"Microsoft.Authorization/policyAssignments","name":"cd7ac64c77ec441dbff7af7c","location":"eastus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ cli tmp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test","notScopes":[],"parameters":{"ExecutionPolicy":{"value":"AllSigned"}},"description":"asdf","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-12-09T19:28:03.8853753Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-12-09T19:34:17.8856984Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"5ca72371-59ae-48ec-b5ce-b7b2b7e2a265","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/2a47116300b347c599c4c4d3","type":"Microsoft.Authorization/policyAssignments","name":"2a47116300b347c599c4c4d3","location":"eastus"}'
headers:
cache-control:
- no-cache
content-length:
- - '1108'
+ - '1096'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:28 GMT
+ - Mon, 09 Dec 2019 19:53:10 GMT
expires:
- '-1'
pragma:
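Review bot: The re-recorded response body on the added `string:` lines of this hunk keeps live directory data: only the subscription id is zeroed, while `assignedBy` holds an employee's full name and `createdBy`, `updatedBy`, `identity.principalId` and `identity.tenantId` hold what look like real object and tenant GUIDs. The list response in the preceding recording file (its hunk starts above this view) has the same problem at larger scale: it captures every policy assignment in the subscription, including an unrelated assignment's `userObjectId` parameter value. Consider scrubbing these fields in the test's recording processor before the cassette is committed, for example writing `"principalId":"00000000-0000-0000-0000-000000000000"` (placeholder) and a fixed placeholder for `assignedBy`. It would also help to create the assignment the test reads inside the test itself, so the cassette does not depend on, or disclose, whatever else exists in the recording subscription.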
@@ -63,47 +62,48 @@ interactions:
ParameterSetName:
- -n -g -a
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:20:35.6915066Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:55:10.085408Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3d2a442d40524196b8fd7dc7","type":"Microsoft.Authorization/policyAssignments","name":"3d2a442d40524196b8fd7dc7","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:39:07.4803303Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:15:13.7247168Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/4350056039914afd8e15a322","type":"Microsoft.Authorization/policyAssignments","name":"4350056039914afd8e15a322","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Diagnostic logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:49.256093Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T00:25:57.4933757Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8550b144d33b4f5b8fee28b5","type":"Microsoft.Authorization/policyAssignments","name":"8550b144d33b4f5b8fee28b5"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Diagnostic
- logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:32.4535073Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/96dbe57cce5c4513a5366b1c","type":"Microsoft.Authorization/policyAssignments","name":"96dbe57cce5c4513a5366b1c"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:38:50.3438318Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-08-26T19:55:37.4449707Z"},"enforcementMode":"Default"},"identity":{"principalId":"64f2ce47-849a-4587-afb3-3dc011037096","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/a10235c6e3164c90a2774803","type":"Microsoft.Authorization/policyAssignments","name":"a10235c6e3164c90a2774803","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"GOKMENH
- Test Incident","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test"],"parameters":{"tagName":{"value":"productName"}},"description":"GOKMENH
- test MG take 2","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T16:04:47.2740504Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-10T19:21:06.2860733Z","parameterScopes":{},"assignedBy":"Sandip
- Shahane"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/gokmenhPolicyAssignment","type":"Microsoft.Authorization/policyAssignments","name":"gokmenhPolicyAssignment"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 6e96e86b-389d-47df-926f-699d040c58f7)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{},"description":"This
- is the default set of policies monitored by Azure Security Center. It was
- automatically assigned as part of onboarding to Security Center. The default
- assignment contains only audit policies. For more information please visit
- https://aka.ms/ascpolicies","metadata":{"assignedBy":"Security Center","createdBy":"6878917f-bc1d-4e4e-bb24-12924205b215","createdOn":"2019-02-19T21:00:49.9837993Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- prerequisites to audit Windows VMs that do not have the specified Windows
- PowerShell execution policy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test","notScopes":[],"parameters":{"ExecutionPolicy":{"value":"Restricted"}},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T19:22:58.0436328Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"identity":{"principalId":"24b25701-4dc9-4640-87c6-084146488688","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/cd7ac64c77ec441dbff7af7c","type":"Microsoft.Authorization/policyAssignments","name":"cd7ac64c77ec441dbff7af7c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"1","metadata":{"assignedBy":"Jin
- Soon Lim","parameterScopes":{},"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T21:02:59.4330616Z","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedOn":"2019-06-07T21:12:59.8524735Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ce3fe2b4e1744039bed1d6a2","type":"Microsoft.Authorization/policyAssignments","name":"ce3fe2b4e1744039bed1d6a2","location":"eastus"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ cli tmp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test","notScopes":[],"parameters":{"ExecutionPolicy":{"value":"AllSigned"}},"description":"asdf","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-12-09T19:28:03.8853753Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-12-09T19:34:17.8856984Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"5ca72371-59ae-48ec-b5ce-b7b2b7e2a265","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/2a47116300b347c599c4c4d3","type":"Microsoft.Authorization/policyAssignments","name":"2a47116300b347c599c4c4d3","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '8740'
+ - '11729'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:29 GMT
+ - Mon, 09 Dec 2019 19:53:10 GMT
expires:
- '-1'
pragma:
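Review bot: The re-recorded `policyAssignments` list body (the added `string:` value) has the subscription id scrubbed to zeros, but it still carries directory identity data: people's display names in `metadata.assignedBy`, AAD object ids in `createdBy`, `updatedBy`, `identity.principalId` and the `userObjectId` parameter, the `tenantId`, and user aliases inside the NIST initiative's parameters. It also captures every assignment in the subscription and at the management group, not only the one the test uses. The recording processor is not visible in this hunk, so this may be a gap in the scrubbing rather than in the test itself. I would replace those values before committing, e.g. `"assignedBy":"<scrubbed>"` and `"principalId":"00000000-0000-0000-0000-000000000000"`. The remediation request later in this file (`policyAssignmentId` ending in `2a47116300b347c599c4c4d3`) suggests the test relies on a pre-existing assignment; having the test create its own assignment in the resource group would let the recording stay limited to test-owned resources.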
@@ -120,7 +120,7 @@ interactions:
code: 200
message: OK
- request:
- body: '{"properties": {"policyAssignmentId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/cd7ac64c77ec441dbff7af7c"}}'
+ body: '{"properties": {"policyAssignmentId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/2a47116300b347c599c4c4d3"}}'
headers:
Accept:
- application/json
@@ -137,24 +137,24 @@ interactions:
ParameterSetName:
- -n -g -a
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000001?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/cd7ac64c77ec441dbff7af7c","provisioningState":"Accepted","createdOn":"2019-09-10T19:33:30.3835333Z","lastUpdatedOn":"2019-09-10T19:33:30.5398058Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/2a47116300b347c599c4c4d3","provisioningState":"Accepted","createdOn":"2019-12-09T19:53:12.5238887Z","lastUpdatedOn":"2019-12-09T19:53:12.8692658Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '740'
+ - '757'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:30 GMT
+ - Mon, 09 Dec 2019 19:53:13 GMT
expires:
- '-1'
pragma:
@@ -166,7 +166,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '597'
+ - '599'
x-ms-ratelimit-remaining-subscription-writes:
- '1199'
status:
@@ -186,24 +186,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000001?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/cd7ac64c77ec441dbff7af7c","provisioningState":"Accepted","createdOn":"2019-09-10T19:33:30.3835333Z","lastUpdatedOn":"2019-09-10T19:33:30.5398058Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/2a47116300b347c599c4c4d3","provisioningState":"Accepted","createdOn":"2019-12-09T19:53:12.5238887Z","lastUpdatedOn":"2019-12-09T19:53:12.8692658Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '740'
+ - '757'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:31 GMT
+ - Mon, 09 Dec 2019 19:53:14 GMT
expires:
- '-1'
pragma:
@@ -237,24 +237,24 @@ interactions:
ParameterSetName:
- -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/cd7ac64c77ec441dbff7af7c","provisioningState":"Accepted","createdOn":"2019-09-10T19:33:30.3835333Z","lastUpdatedOn":"2019-09-10T19:33:30.5398058Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/2a47116300b347c599c4c4d3","provisioningState":"Running","createdOn":"2019-12-09T19:53:12.5238887Z","lastUpdatedOn":"2019-12-09T19:53:15.7523935Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '752'
+ - '768'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:31 GMT
+ - Mon, 09 Dec 2019 19:53:15 GMT
expires:
- '-1'
pragma:
@@ -270,7 +270,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '598'
status:
code: 200
message: OK
@@ -290,24 +290,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000001/listDeployments?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"remediatedResourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.compute/virtualmachines/vm1","status":"NotStarted","resourceLocation":"eastus","createdOn":"2019-09-10T19:33:30.3835333Z","lastUpdatedOn":"2019-09-10T19:33:30.4616574Z"},{"remediatedResourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.compute/virtualmachines/vm2","status":"NotStarted","resourceLocation":"southcentralus","createdOn":"2019-09-10T19:33:30.3835333Z","lastUpdatedOn":"2019-09-10T19:33:30.4616574Z"}]}'
+ string: '{"value":[{"remediatedResourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.compute/virtualmachines/cheggvm2","status":"Evaluating","resourceLocation":"westus2","createdOn":"2019-12-09T19:53:12.5238887Z","lastUpdatedOn":"2019-12-09T19:53:15.736768Z"},{"remediatedResourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.compute/virtualmachines/cheggvm1","status":"Evaluating","resourceLocation":"eastus","createdOn":"2019-12-09T19:53:12.5238887Z","lastUpdatedOn":"2019-12-09T19:53:15.6876601Z"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '639'
+ - '641'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:32 GMT
+ - Mon, 09 Dec 2019 19:53:16 GMT
expires:
- '-1'
pragma:
@@ -343,24 +343,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000001/cancel?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/cd7ac64c77ec441dbff7af7c","provisioningState":"Cancelling","createdOn":"2019-09-10T19:33:30.3835333Z","lastUpdatedOn":"2019-09-10T19:33:33.0803318Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.authorization/policyassignments/2a47116300b347c599c4c4d3","provisioningState":"Cancelling","createdOn":"2019-12-09T19:53:12.5238887Z","lastUpdatedOn":"2019-12-09T19:53:17.7954419Z","deploymentStatus":{"totalDeployments":2,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/az-cli-policy-insights-test/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000001","name":"azurecli-test-remediation000001","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '742'
+ - '759'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 19:33:32 GMT
+ - Mon, 09 Dec 2019 19:53:17 GMT
expires:
- '-1'
pragma:
@@ -376,7 +376,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '596'
+ - '599'
x-ms-ratelimit-remaining-subscription-writes:
- '1199'
status:
diff --git a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_management_group.yaml b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_management_group.yaml
index 8efda67fc5e..bb5fac09082 100644
--- a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_management_group.yaml
+++ b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_management_group.yaml
@@ -15,24 +15,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management/register?api-version=2019-07-01
response:
body:
- string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
headers:
cache-control:
- no-cache
content-length:
- - '1821'
+ - '1688'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:08 GMT
+ - Mon, 09 Dec 2019 19:19:08 GMT
expires:
- '-1'
pragma:
@@ -64,24 +64,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management?api-version=2019-07-01
response:
body:
- string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
headers:
cache-control:
- no-cache
content-length:
- - '1821'
+ - '1688'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:18 GMT
+ - Mon, 09 Dec 2019 19:19:18 GMT
expires:
- '-1'
pragma:
@@ -115,8 +115,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-managementgroups/0.2.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
@@ -132,7 +132,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:20 GMT
+ - Mon, 09 Dec 2019 19:19:19 GMT
expires:
- '-1'
location:
@@ -140,21 +140,15 @@ interactions:
pragma:
- no-cache
request-id:
- - 4c8fed29-8413-41c8-bcf0-b1ece847dd0d
- server:
- - Microsoft-IIS/10.0
+ - 2af27664-c3a0-423f-bf6a-79d43383bd12
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1529
+ - 1.0.3.1543
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- '1199'
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -172,8 +166,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-managementgroups/0.2.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
response:
@@ -187,7 +181,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:30 GMT
+ - Mon, 09 Dec 2019 19:19:30 GMT
expires:
- '-1'
location:
@@ -195,19 +189,154 @@ interactions:
pragma:
- no-cache
request-id:
- - 6bfdf2bc-22bd-4150-b436-b5637f62daca
- server:
- - Microsoft-IIS/10.0
+ - 794e3711-87d5-4542-bfca-efa0795d02bc
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-ba-restapi:
+ - 1.0.3.1543
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 202
+ message: Accepted
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - account management-group create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ response:
+ body:
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Running"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '205'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Mon, 09 Dec 2019 19:19:41 GMT
+ expires:
+ - '-1'
+ location:
+ - https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ pragma:
+ - no-cache
+ request-id:
+ - 586d62a3-8727-40c3-b022-90a34763a09f
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-ba-restapi:
+ - 1.0.3.1543
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 202
+ message: Accepted
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - account management-group create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ response:
+ body:
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Running"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '205'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Mon, 09 Dec 2019 19:19:52 GMT
+ expires:
+ - '-1'
+ location:
+ - https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ pragma:
+ - no-cache
+ request-id:
+ - 7b6dce05-fe1b-4535-b140-3d104891c18a
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-ba-restapi:
+ - 1.0.3.1543
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 202
+ message: Accepted
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - account management-group create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ response:
+ body:
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Running"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '205'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Mon, 09 Dec 2019 19:20:02 GMT
+ expires:
+ - '-1'
+ location:
+ - https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ pragma:
+ - no-cache
+ request-id:
+ - 95b3eec1-0726-4dac-a590-a15619325e30
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1529
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -225,13 +354,60 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-managementgroups/0.2.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
response:
body:
- string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Succeeded","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"cli-test-mg000003","details":{"version":1,"updatedTime":"2019-09-10T18:48:25.5059959Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","parent":{"id":"/providers/Microsoft.Management/managementGroups/72f988bf-86f1-41af-91ab-2d7cd011db47","name":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"72f988bf-86f1-41af-91ab-2d7cd011db47"}}}}'
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Running"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '205'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Mon, 09 Dec 2019 19:20:13 GMT
+ expires:
+ - '-1'
+ location:
+ - https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ pragma:
+ - no-cache
+ request-id:
+ - a37ee4dc-3bf6-4f86-b54a-d998a1eec227
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-ba-restapi:
+ - 1.0.3.1543
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 202
+ message: Accepted
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - account management-group create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
+ response:
+ body:
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Succeeded","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"cli-test-mg000003","details":{"version":1,"updatedTime":"2019-12-09T19:20:03.3772203Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","parent":{"id":"/providers/Microsoft.Management/managementGroups/72f988bf-86f1-41af-91ab-2d7cd011db47","name":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"72f988bf-86f1-41af-91ab-2d7cd011db47"}}}}'
headers:
cache-control:
- no-cache
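Review bot: The re-recorded `operationResults` body added in this hunk still carries unscrubbed directory identifiers: a `tenantId` GUID (reused as the parent management group name) and a new principal object ID in `updatedBy`, while the subscription ID in the same recordings is replaced with `00000000-0000-0000-0000-000000000000`. The same principal ID appears as `createdBy` in the `policyAssignments` PUT response of the later hunk (`@@ -378,15 +548,15 @@`). These values presumably identify the tenant and the account used to make the recording, so they should be rewritten before the cassette is committed, e.g. `"updatedBy":"00000000-0000-0000-0000-000000000000"`, ideally by the same recording step that already masks the subscription ID rather than by hand. Replay should not depend on them as far as the visible interactions show, but confirm that no test assertion matches on the tenant GUID before replacing it.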
@@ -240,29 +416,23 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:44 GMT
+ - Mon, 09 Dec 2019 19:20:24 GMT
expires:
- '-1'
pragma:
- no-cache
request-id:
- - aae096a5-52d2-4bc0-a9f7-84dc76f660f2
- server:
- - Microsoft-IIS/10.0
+ - 1d30f020-c254-4297-a201-b461ea1f7e2e
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
- chunked
vary:
- Accept-Encoding,Accept-Encoding
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1529
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 200
message: OK
@@ -280,12 +450,12 @@ interactions:
ParameterSetName:
- --scope --policy -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -298,7 +468,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:45 GMT
+ - Mon, 09 Dec 2019 19:20:26 GMT
expires:
- '-1'
pragma:
@@ -324,12 +494,12 @@ interactions:
ParameterSetName:
- --scope --policy -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
@@ -342,7 +512,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:45 GMT
+ - Mon, 09 Dec 2019 19:20:26 GMT
expires:
- '-1'
pragma:
@@ -378,15 +548,15 @@ interactions:
ParameterSetName:
- --scope --policy -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:48:47.9052692Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-pa000001"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:20:27.7344082Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-pa000001"}'
headers:
cache-control:
- no-cache
@@ -395,7 +565,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:47 GMT
+ - Mon, 09 Dec 2019 19:20:27 GMT
expires:
- '-1'
pragma:
@@ -427,24 +597,24 @@ interactions:
ParameterSetName:
- -n -m -a
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.PolicyInsights/remediations/cli-test-remediation000002?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-09-10T18:48:48.9330346Z","lastUpdatedOn":"2019-09-10T18:48:49.0111372Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-12-09T19:20:29.4193301Z","lastUpdatedOn":"2019-12-09T19:20:29.4817048Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '690'
+ - '707'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:48 GMT
+ - Mon, 09 Dec 2019 19:20:29 GMT
expires:
- '-1'
pragma:
@@ -476,24 +646,24 @@ interactions:
ParameterSetName:
- -n -m
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.PolicyInsights/remediations/cli-test-remediation000002?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-09-10T18:48:48.9330346Z","lastUpdatedOn":"2019-09-10T18:48:49.0111372Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-12-09T19:20:29.4193301Z","lastUpdatedOn":"2019-12-09T19:20:29.4817048Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '690'
+ - '707'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:49 GMT
+ - Mon, 09 Dec 2019 19:20:29 GMT
expires:
- '-1'
pragma:
@@ -527,24 +697,24 @@ interactions:
ParameterSetName:
- -m
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-09-10T18:48:48.9330346Z","lastUpdatedOn":"2019-09-10T18:48:49.0111372Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-12-09T19:20:29.4193301Z","lastUpdatedOn":"2019-12-09T19:20:29.4817048Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '702'
+ - '719'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:50 GMT
+ - Mon, 09 Dec 2019 19:20:31 GMT
expires:
- '-1'
pragma:
@@ -580,8 +750,8 @@ interactions:
ParameterSetName:
- -n -m
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -597,7 +767,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:49 GMT
+ - Mon, 09 Dec 2019 19:20:32 GMT
expires:
- '-1'
pragma:
@@ -613,7 +783,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-policy-insights-requests:
- - '199'
+ - '198'
status:
code: 200
message: OK
@@ -633,24 +803,24 @@ interactions:
ParameterSetName:
- -n -m
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.PolicyInsights/remediations/cli-test-remediation000002?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-09-10T18:48:48.9330346Z","lastUpdatedOn":"2019-09-10T18:48:49.0111372Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.authorization/policyassignments/cli-test-pa000001","provisioningState":"Succeeded","createdOn":"2019-12-09T19:20:29.4193301Z","lastUpdatedOn":"2019-12-09T19:20:29.4817048Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/providers/microsoft.management/managementgroups/cli-test-mg000003/providers/microsoft.policyinsights/remediations/cli-test-remediation000002","name":"cli-test-remediation000002","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '690'
+ - '707'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:51 GMT
+ - Mon, 09 Dec 2019 19:20:34 GMT
expires:
- '-1'
pragma:
@@ -686,8 +856,8 @@ interactions:
ParameterSetName:
- -m
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -703,7 +873,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:51 GMT
+ - Mon, 09 Dec 2019 19:20:35 GMT
expires:
- '-1'
pragma:
@@ -719,7 +889,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-policy-insights-requests:
- - '198'
+ - '199'
status:
code: 200
message: OK
@@ -739,15 +909,15 @@ interactions:
ParameterSetName:
- -n --scope
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:48:47.9052692Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-pa000001"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:20:27.7344082Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003/providers/Microsoft.Authorization/policyAssignments/cli-test-pa000001","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-pa000001"}'
headers:
cache-control:
- no-cache
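Review bot: The re-recorded response body on the added `string:` line of this hunk carries `"createdBy":"7140c269-e408-47a5-a626-a1d836b96883"`, which looks like the directory object id of the account that recorded the test. The subscription id in the same cassette is already normalised to `00000000-0000-0000-0000-000000000000`, but this field is committed as captured. The same value appears in the policy-set recording, in the hunks at `@@ -11,30 +12,30 @@`, `@@ -62,24 +63,24 @@` and `@@ -115,15 +116,15 @@`. Consider having the recording scrubber replace `metadata.createdBy` and `metadata.updatedBy` with a fixed placeholder GUID, so cassettes neither publish per-user identifiers nor churn whenever a different person re-records them.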
@@ -756,7 +926,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:52 GMT
+ - Mon, 09 Dec 2019 19:20:35 GMT
expires:
- '-1'
pragma:
@@ -790,24 +960,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management/register?api-version=2019-07-01
response:
body:
- string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
headers:
cache-control:
- no-cache
content-length:
- - '1821'
+ - '1688'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:48:54 GMT
+ - Mon, 09 Dec 2019 19:20:38 GMT
expires:
- '-1'
pragma:
@@ -839,24 +1009,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management?api-version=2019-07-01
response:
body:
- string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-03-01-alpha"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"],"capabilities":"None"},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"],"capabilities":"None"},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"],"capabilities":"None"}],"registrationState":"Registered","registrationPolicy":"RegistrationRequired"}'
headers:
cache-control:
- no-cache
content-length:
- - '1821'
+ - '1688'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:49:04 GMT
+ - Mon, 09 Dec 2019 19:20:48 GMT
expires:
- '-1'
pragma:
@@ -888,8 +1058,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-managementgroups/0.2.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
@@ -905,7 +1075,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:49:11 GMT
+ - Mon, 09 Dec 2019 19:20:50 GMT
expires:
- '-1'
location:
@@ -913,21 +1083,15 @@ interactions:
pragma:
- no-cache
request-id:
- - 8139e9af-980e-406e-9c52-7ff1a269a239
- server:
- - Microsoft-IIS/10.0
+ - 61f21d00-7413-4e45-a320-06a9a9bb5c4f
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1529
+ - 1.0.3.1543
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-deletes:
- '14999'
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -945,22 +1109,22 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-managementgroups/0.2.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
response:
body:
- string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"NotStarted"}'
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mg000003","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mg000003","status":"Running"}'
headers:
cache-control:
- no-cache
content-length:
- - '208'
+ - '205'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:49:20 GMT
+ - Mon, 09 Dec 2019 19:21:00 GMT
expires:
- '-1'
location:
@@ -968,19 +1132,13 @@ interactions:
pragma:
- no-cache
request-id:
- - 8f962eeb-4c64-44c8-b696-20a662809044
- server:
- - Microsoft-IIS/10.0
+ - 740b6843-dcc7-46c2-b92a-41ef67feb694
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1529
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -998,8 +1156,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-managementgroups/0.2.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mg000003?api-version=2018-03-01-preview
response:
@@ -1013,29 +1171,23 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:49:31 GMT
+ - Mon, 09 Dec 2019 19:21:11 GMT
expires:
- '-1'
pragma:
- no-cache
request-id:
- - 92e06631-20dc-405a-a77a-d2889cde53e7
- server:
- - Microsoft-IIS/10.0
+ - 45877e83-7418-4b86-9b19-c7967b4607a8
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
- chunked
vary:
- Accept-Encoding,Accept-Encoding
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1529
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 200
message: OK
diff --git a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_policy_set.yaml b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_policy_set.yaml
index 7791c894f61..e8a99e937be 100644
--- a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_policy_set.yaml
+++ b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/recordings/test_policy_insights_remediation_policy_set.yaml
@@ -1,6 +1,7 @@
interactions:
- request:
- body: '{"properties": {"policyDefinitions": [{"policyDefinitionId": "/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]}}'
+ body: '{"properties": {"policyDefinitions": [{"policyDefinitionId": "/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
+ "policyDefinitionReferenceId": "cli-test-reference-id000004"}]}}'
headers:
Accept:
- application/json
@@ -11,30 +12,30 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '156'
+ - '231'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --definitions
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"policyType":"Custom","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:43:32.2728615Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"18058884261374893171","policyDefinitionId":"/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","type":"Microsoft.Authorization/policySetDefinitions","name":"azurecli-test-policy-set000002"}'
+ string: '{"properties":{"policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:09.1879305Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"cli-test-reference-id000004","policyDefinitionId":"/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","type":"Microsoft.Authorization/policySetDefinitions","name":"azurecli-test-policy-set000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '628'
+ - '648'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:32 GMT
+ - Mon, 09 Dec 2019 19:19:08 GMT
expires:
- '-1'
pragma:
@@ -62,24 +63,24 @@ interactions:
ParameterSetName:
- --policy-set-definition -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"policyType":"Custom","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:43:32.2728615Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"18058884261374893171","policyDefinitionId":"/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","type":"Microsoft.Authorization/policySetDefinitions","name":"azurecli-test-policy-set000002"}'
+ string: '{"properties":{"policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:09.1879305Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"cli-test-reference-id000004","policyDefinitionId":"/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","type":"Microsoft.Authorization/policySetDefinitions","name":"azurecli-test-policy-set000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '628'
+ - '648'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:32 GMT
+ - Mon, 09 Dec 2019 19:19:09 GMT
expires:
- '-1'
pragma:
@@ -115,15 +116,15 @@ interactions:
ParameterSetName:
- --policy-set-definition -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:43:33.4408743Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000001"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:10.6268153Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000001"}'
headers:
cache-control:
- no-cache
@@ -132,7 +133,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:33 GMT
+ - Mon, 09 Dec 2019 19:19:10 GMT
expires:
- '-1'
pragma:
@@ -160,43 +161,46 @@ interactions:
ParameterSetName:
- -n -a --definition-reference-id
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:20:35.6915066Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:55:10.085408Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3d2a442d40524196b8fd7dc7","type":"Microsoft.Authorization/policyAssignments","name":"3d2a442d40524196b8fd7dc7","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:39:07.4803303Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:15:13.7247168Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/4350056039914afd8e15a322","type":"Microsoft.Authorization/policyAssignments","name":"4350056039914afd8e15a322","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Diagnostic logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:49.256093Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T00:25:57.4933757Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8550b144d33b4f5b8fee28b5","type":"Microsoft.Authorization/policyAssignments","name":"8550b144d33b4f5b8fee28b5"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Diagnostic
- logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:32.4535073Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/96dbe57cce5c4513a5366b1c","type":"Microsoft.Authorization/policyAssignments","name":"96dbe57cce5c4513a5366b1c"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:38:50.3438318Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-08-26T19:55:37.4449707Z"},"enforcementMode":"Default"},"identity":{"principalId":"64f2ce47-849a-4587-afb3-3dc011037096","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/a10235c6e3164c90a2774803","type":"Microsoft.Authorization/policyAssignments","name":"a10235c6e3164c90a2774803","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:43:33.4408743Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000001"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"GOKMENH
- Test Incident","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"productName"}},"description":"GOKMENH
- test MG take 2","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T16:04:47.2740504Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T17:44:31.7743392Z","parameterScopes":{}},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/gokmenhPolicyAssignment","type":"Microsoft.Authorization/policyAssignments","name":"gokmenhPolicyAssignment"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 6e96e86b-389d-47df-926f-699d040c58f7)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{},"description":"This
- is the default set of policies monitored by Azure Security Center. It was
- automatically assigned as part of onboarding to Security Center. The default
- assignment contains only audit policies. For more information please visit
- https://aka.ms/ascpolicies","metadata":{"assignedBy":"Security Center","createdBy":"6878917f-bc1d-4e4e-bb24-12924205b215","createdOn":"2019-02-19T21:00:49.9837993Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"1","metadata":{"assignedBy":"Jin
- Soon Lim","parameterScopes":{},"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T21:02:59.4330616Z","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedOn":"2019-06-07T21:12:59.8524735Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ce3fe2b4e1744039bed1d6a2","type":"Microsoft.Authorization/policyAssignments","name":"ce3fe2b4e1744039bed1d6a2","location":"eastus"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:10.6268153Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000001"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '8211'
+ - '11338'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:33 GMT
+ - Mon, 09 Dec 2019 19:19:11 GMT
expires:
- '-1'
pragma:
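Review bot: The re-recorded `GET .../policyAssignments` response on the added `string:` line of this hunk stores every assignment that existed in the recording subscription, not only the test's own `azurecli-test-policy-assignment000001`. That commits `assignedBy` display names, `createdBy`/`updatedBy` object IDs, managed-identity `principalId` values, a `userObjectId` parameter value and the `tenantId` to the repository, while only the subscription ID is replaced with zeros. The test presumably needs only the entry it created (the test code is outside this hunk), so the recording could be trimmed to that one element of `value`, or the identity fields masked by a recording processor before the cassette is committed. Recording against a subscription with no unrelated assignments would also keep the cassette and `content-length` stable across re-records.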
@@ -231,24 +235,24 @@ interactions:
ParameterSetName:
- -n -a --definition-reference-id
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000003?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-09-10T18:43:35.2186568Z","lastUpdatedOn":"2019-09-10T18:43:35.2846203Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:12.7827199Z","lastUpdatedOn":"2019-12-09T19:19:12.8452461Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '744'
+ - '761'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:35 GMT
+ - Mon, 09 Dec 2019 19:19:12 GMT
expires:
- '-1'
pragma:
@@ -280,24 +284,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000003?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-09-10T18:43:35.2186568Z","lastUpdatedOn":"2019-09-10T18:43:35.2846203Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:12.7827199Z","lastUpdatedOn":"2019-12-09T19:19:12.8452461Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '744'
+ - '761'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:36 GMT
+ - Mon, 09 Dec 2019 19:19:13 GMT
expires:
- '-1'
pragma:
@@ -313,7 +317,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '598'
status:
code: 200
message: OK
@@ -329,24 +333,24 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-09-10T18:43:35.2186568Z","lastUpdatedOn":"2019-09-10T18:43:35.2846203Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T22:02:18.1478267Z","lastUpdatedOn":"2019-08-19T22:03:47.7594204Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","name":"3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T21:22:51.7652784Z","lastUpdatedOn":"2019-08-19T21:26:24.2816754Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/f67094f7-575c-403b-90e8-4c8dd81d83f8","name":"f67094f7-575c-403b-90e8-4c8dd81d
83f8","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:12.7827199Z","lastUpdatedOn":"2019-12-09T19:19:12.8452461Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ee5909f9ee3f4c12bbed6efc","provisioningState":"Succeeded","createdOn":"2019-12-06T17:12:58.086026Z","lastUpdatedOn":"2019-12-06T17:13:03.6652843Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41e-961e-4d6c-b4d9-885fb8431e86","name":"8ce9b41e-961e-4d6c-b4d9-885fb8431e86","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-06T17:11:01.6783426Z","lastUpdatedOn":"2019-12-06T17:12:06.3368733Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsi
ghts/remediations/8ce9b41e-961e-4d6c-b4d9-885fb84317de","name":"8ce9b41e-961e-4d6c-b4d9-885fb84317de","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-05T23:59:22.5426377Z","lastUpdatedOn":"2019-12-06T00:16:37.9076359Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/5e4dfa62-0135-4b07-aeca-6e8adc22dd51","name":"5e4dfa62-0135-4b07-aeca-6e8adc22dd51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T22:46:28.300423Z","lastUpdatedOn":"2019-11-20T22:59:42.573969Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/83f16767-13cd-4f8d-a3b6-0277c8b8434f","name":"83f16767-13cd-4f8d-a3b6-0277c8b8434f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/b8ee29b617cf4511bfd3576a","provisioningState":"Succeeded","createdOn":"2019-11-20T22:21:38.6620359Z","lastUpdatedOn":"2019-11-20T22:34:52.7544687Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.poli
cyinsights/remediations/1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","name":"1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/de8bf152374f4ec98bd325c0","provisioningState":"Succeeded","createdOn":"2019-11-20T19:51:33.8798813Z","lastUpdatedOn":"2019-11-20T19:55:37.5417252Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/ddbad8cb-6331-43ca-9b13-99b4d1defa46","name":"ddbad8cb-6331-43ca-9b13-99b4d1defa46","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/a866c7a2182841e7bf5b1549","provisioningState":"Succeeded","createdOn":"2019-11-20T19:42:54.5560951Z","lastUpdatedOn":"2019-11-20T19:56:07.1530707Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fab544c4-8c5d-4410-a7ad-1048bade0369","name":"fab544c4-8c5d-4410-a7ad-1048bade0369","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-20T19:30:51.898276Z","lastUpdatedOn":"2019-11-20T19:34:55.4495051Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00
000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","name":"c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:21:38.0285209Z","lastUpdatedOn":"2019-11-20T19:34:54.6751894Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:08:38.8771741Z","lastUpdatedOn":"2019-11-20T19:08:44.7475064Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e366","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e366","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:44:04.9510566Z","lastUpdatedOn":"2019-11-13T18:45:06.9985655Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscript
ions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb0611277bb","name":"a455cddb-231e-4dcd-ba7b-5fb0611277bb","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:41:48.8749871Z","lastUpdatedOn":"2019-11-13T18:42:51.3667048Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb061127104","name":"a455cddb-231e-4dcd-ba7b-5fb061127104","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-13T17:33:31.9675708Z","lastUpdatedOn":"2019-11-13T17:43:44.3179039Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/6df1a796-a2c6-4878-a971-572526f98a51","name":"6df1a796-a2c6-4878-a971-572526f98a51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:25:25.6600687Z","lastUpdatedOn":"2019-11-12T22:31:33.0973891Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateComplianc
e"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/4c4fb0f9-e88f-444b-948b-8935457a8245","name":"4c4fb0f9-e88f-444b-948b-8935457a8245","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:23:51.6839202Z","lastUpdatedOn":"2019-11-12T22:33:02.7165829Z","deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/53a6e05e-ff61-404a-a281-ececc58d3ee9","name":"53a6e05e-ff61-404a-a281-ececc58d3ee9","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:12:52.24389Z","lastUpdatedOn":"2019-11-12T22:14:56.14781Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","northcentralus","southcentralus","northeurope","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/rem
ediations/53a6e05e-ff61-404a-a281-ececc58d3180","name":"53a6e05e-ff61-404a-a281-ececc58d3180","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Canceled","createdOn":"2019-11-12T22:09:26.338598Z","lastUpdatedOn":"2019-11-12T22:12:29.5890312Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/d1d6c99b-c492-4c53-a7ff-fba2894350c3","name":"d1d6c99b-c492-4c53-a7ff-fba2894350c3","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:07:15.3462611Z","lastUpdatedOn":"2019-11-12T22:15:25.230365Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/7643ec2e-bcbb-414c-b881-e3d84b700005","name":"7643ec2e-bcbb-414c-b881-e3d84b700005","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T20:14:29.1123172Z","lastUpdatedOn":"2019-11-12T20:22:37.0637093Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsight
s/remediations/297ca4c3-13b0-4848-b032-32f194359002","name":"297ca4c3-13b0-4848-b032-32f194359002","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:50:36.2222417Z","lastUpdatedOn":"2019-11-12T19:58:47.8025008Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0a61d5c6-843e-4288-be9a-b3056fcb935b","name":"0a61d5c6-843e-4288-be9a-b3056fcb935b","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:40:12.9323826Z","lastUpdatedOn":"2019-11-12T19:48:24.093845Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral","norwaywest","norwayeast"]},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/25bd6db4-fca4-4242-b1cd-cc9432d93001","name":"25bd6db4-fca4-4242-b1cd-cc9432d93001","type":
"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:52:59.9074676Z","lastUpdatedOn":"2019-11-06T23:53:05.6321787Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/583875f8-4a79-4661-8300-9b583e3456bd","name":"583875f8-4a79-4661-8300-9b583e3456bd","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:27:09.9354594Z","lastUpdatedOn":"2019-11-06T23:27:10.0135949Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/21c95410-09fb-4c9d-a65d-b0371b932404","name":"21c95410-09fb-4c9d-a65d-b0371b932404","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T21:19:12.9525703Z","lastUpdatedOn":"2019-11-06T21:19:13.0307779Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/783b5
89e-86ba-41dd-a73a-2f7e31bda360","name":"783b589e-86ba-41dd-a73a-2f7e31bda360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T17:54:38.3759193Z","lastUpdatedOn":"2019-11-06T17:54:38.4540942Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fc2ff254-b71f-4fbf-8595-af076c8e3360","name":"fc2ff254-b71f-4fbf-8595-af076c8e3360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T20:42:10.8285279Z","lastUpdatedOn":"2019-08-07T20:42:16.1223288Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a9a2c516-3752-454c-8275-141c7895b5e7","name":"a9a2c516-3752-454c-8275-141c7895b5e7","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T01:09:19.4751632Z","lastUpdatedOn":"2019-08-07T01:09:19.4908118Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/0000
0000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/175cf8a7-d9ca-45c8-a464-64e46b12a84f","name":"175cf8a7-d9ca-45c8-a464-64e46b12a84f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T00:54:24.3578018Z","lastUpdatedOn":"2019-08-07T00:54:24.3734662Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0524898a-cd4b-49e1-a0db-ed438c69dc7e","name":"0524898a-cd4b-49e1-a0db-ed438c69dc7e","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-06T15:02:33.1065661Z","lastUpdatedOn":"2019-08-06T15:02:33.1221582Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0185cd8b-3684-47fa-b782-5663143612f5","name":"0185cd8b-3684-47fa-b782-5663143612f5","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '2078'
+ - '21593'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:36 GMT
+ - Mon, 09 Dec 2019 19:19:15 GMT
expires:
- '-1'
pragma:
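Review bot: The re-recorded list response in this hunk (the `+ string:` body of the GET on `.../Microsoft.PolicyInsights/remediations`) captures every remediation in the recording subscription, not only the test's own `azurecli-test-remediation000003`; content-length grows from '2078' to '21593'. The subscription id is scrubbed to zeros, but the resource group name `cheggrg` and the policy-assignment and remediation GUIDs of unrelated resources are committed as recorded. Recording against a subscription that holds only the test's resources, or trimming the recorded `value` array to the test entry before committing, would keep that inventory out of the repository and shrink the cassette. The list response in the later hunk `@@ -486,24 +490,24 @@` carries the same entries.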
@@ -362,7 +366,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '598'
+ - '597'
status:
code: 200
message: OK
@@ -382,8 +386,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -399,7 +403,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:37 GMT
+ - Mon, 09 Dec 2019 19:19:15 GMT
expires:
- '-1'
pragma:
@@ -435,24 +439,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/azurecli-test-remediation000003?api-version=2018-07-01-preview
response:
body:
- string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-09-10T18:43:35.2186568Z","lastUpdatedOn":"2019-09-10T18:43:35.2846203Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"}'
+ string: '{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/azurecli-test-policy-assignment000001","policyDefinitionReferenceId":"cli-test-reference-id000004","provisioningState":"Succeeded","createdOn":"2019-12-09T19:19:12.7827199Z","lastUpdatedOn":"2019-12-09T19:19:12.8452461Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/azurecli-test-remediation000003","name":"azurecli-test-remediation000003","type":"Microsoft.PolicyInsights/remediations"}'
headers:
cache-control:
- no-cache
content-length:
- - '744'
+ - '761'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:38 GMT
+ - Mon, 09 Dec 2019 19:19:17 GMT
expires:
- '-1'
pragma:
@@ -470,7 +474,7 @@ interactions:
x-ms-ratelimit-remaining-subscription-deletes:
- '14999'
x-ms-ratelimit-remaining-subscription-policy-insights-requests:
- - '599'
+ - '598'
status:
code: 200
message: OK
@@ -486,24 +490,24 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-policyinsights/0.3.1
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-policyinsights/0.3.1 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations?api-version=2018-07-01-preview
response:
body:
- string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T22:02:18.1478267Z","lastUpdatedOn":"2019-08-19T22:03:47.7594204Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","name":"3c396ac5-bb6d-4d7e-9d96-b8b00a824a20","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/4350056039914afd8e15a322","provisioningState":"Succeeded","createdOn":"2019-08-19T21:22:51.7652784Z","lastUpdatedOn":"2019-08-19T21:26:24.2816754Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"preEvaluateCompliance":false},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/f67094f7-575c-403b-90e8-4c8dd81d83f8","name":"f67094f7-575c-403b-90e8-4c8dd81d83f8","type":"Microsoft.PolicyInsights/remediations"}]}'
+ string: '{"value":[{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ee5909f9ee3f4c12bbed6efc","provisioningState":"Succeeded","createdOn":"2019-12-06T17:12:58.086026Z","lastUpdatedOn":"2019-12-06T17:13:03.6652843Z","filters":{},"deploymentStatus":{"totalDeployments":4,"successfulDeployments":4,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41e-961e-4d6c-b4d9-885fb8431e86","name":"8ce9b41e-961e-4d6c-b4d9-885fb8431e86","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-06T17:11:01.6783426Z","lastUpdatedOn":"2019-12-06T17:12:06.3368733Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cheggrg/providers/microsoft.policyinsights/remediations/8ce9b41e-961e-4d6c-b4d9-885fb84317de","name":"8ce9b41e-961e-4d6c-b4d9-885fb84317de","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/fcddeb6113ec43798567dce2","provisioningState":"Succeeded","createdOn":"2019-12-05T23:59:22.5426377Z","lastUpdatedOn":"2019-12-06T00:16:37.9076359Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/5e4dfa62-0135-4b07-aeca-6e8adc22
dd51","name":"5e4dfa62-0135-4b07-aeca-6e8adc22dd51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T22:46:28.300423Z","lastUpdatedOn":"2019-11-20T22:59:42.573969Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/83f16767-13cd-4f8d-a3b6-0277c8b8434f","name":"83f16767-13cd-4f8d-a3b6-0277c8b8434f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/b8ee29b617cf4511bfd3576a","provisioningState":"Succeeded","createdOn":"2019-11-20T22:21:38.6620359Z","lastUpdatedOn":"2019-11-20T22:34:52.7544687Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","name":"1692db3e-f6ef-4956-a7f8-7a26bcc8e6cf","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/de8bf152374f4ec98bd325c0","provisioningState":"Succeeded","createdOn":"2019-11-20T19:51:33.8798813Z","lastUpdatedOn":"2019-11-20T19:55:37.5417252Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/ddbad8cb-6331-43ca-9b13-99b4d1defa46","
name":"ddbad8cb-6331-43ca-9b13-99b4d1defa46","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/a866c7a2182841e7bf5b1549","provisioningState":"Succeeded","createdOn":"2019-11-20T19:42:54.5560951Z","lastUpdatedOn":"2019-11-20T19:56:07.1530707Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fab544c4-8c5d-4410-a7ad-1048bade0369","name":"fab544c4-8c5d-4410-a7ad-1048bade0369","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-20T19:30:51.898276Z","lastUpdatedOn":"2019-11-20T19:34:55.4495051Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","name":"c70df65e-f846-4f1c-a3ce-dd7957e9ea4a","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:21:38.0285209Z","lastUpdatedOn":"2019-11-20T19:34:54.6751894Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyin
sights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e6d0","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-20T19:08:38.8771741Z","lastUpdatedOn":"2019-11-20T19:08:44.7475064Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/c70df65e-f846-4f1c-a3ce-dd7957e9e366","name":"c70df65e-f846-4f1c-a3ce-dd7957e9e366","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:44:04.9510566Z","lastUpdatedOn":"2019-11-13T18:45:06.9985655Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb0611277bb","name":"a455cddb-231e-4dcd-ba7b-5fb0611277bb","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Canceled","createdOn":"2019-11-13T18:41:48.8749871Z","lastUpdatedOn":"2019-11-13T18:42:51.3667048Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers
/microsoft.policyinsights/remediations/a455cddb-231e-4dcd-ba7b-5fb061127104","name":"a455cddb-231e-4dcd-ba7b-5fb061127104","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-13T17:33:31.9675708Z","lastUpdatedOn":"2019-11-13T17:43:44.3179039Z","filters":{},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/6df1a796-a2c6-4878-a971-572526f98a51","name":"6df1a796-a2c6-4878-a971-572526f98a51","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:25:25.6600687Z","lastUpdatedOn":"2019-11-12T22:31:33.0973891Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/4c4fb0f9-e88f-444b-948b-8935457a8245","name":"4c4fb0f9-e88f-444b-948b-8935457a8245","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:23:51.6839202Z","lastUpdatedOn":"2019-11-12T22:33:02.7165829Z","deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/p
roviders/microsoft.policyinsights/remediations/53a6e05e-ff61-404a-a281-ececc58d3ee9","name":"53a6e05e-ff61-404a-a281-ececc58d3ee9","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:12:52.24389Z","lastUpdatedOn":"2019-11-12T22:14:56.14781Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","northcentralus","southcentralus","northeurope","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral"]},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/53a6e05e-ff61-404a-a281-ececc58d3180","name":"53a6e05e-ff61-404a-a281-ececc58d3180","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/ebccc544c4dd43d29c937f0c","provisioningState":"Canceled","createdOn":"2019-11-12T22:09:26.338598Z","lastUpdatedOn":"2019-11-12T22:12:29.5890312Z","deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/d1d6c99b-c492-4c53-a7ff-fba2894350c3","name":"d1d6c99b-
c492-4c53-a7ff-fba2894350c3","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T22:07:15.3462611Z","lastUpdatedOn":"2019-11-12T22:15:25.230365Z","deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/7643ec2e-bcbb-414c-b881-e3d84b700005","name":"7643ec2e-bcbb-414c-b881-e3d84b700005","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T20:14:29.1123172Z","lastUpdatedOn":"2019-11-12T20:22:37.0637093Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/297ca4c3-13b0-4848-b032-32f194359002","name":"297ca4c3-13b0-4848-b032-32f194359002","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:50:36.2222417Z","lastUpdatedOn":"2019-11-12T19:58:47.8025008Z","filters":{},"deploymentStatus":{"totalDeployments":2,"successfulDeployments":2,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0a61d5c6-843e-4288-be9a-b3056fcb935
b","name":"0a61d5c6-843e-4288-be9a-b3056fcb935b","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-12T19:40:12.9323826Z","lastUpdatedOn":"2019-11-12T19:48:24.093845Z","filters":{"locations":["eastasia","southeastasia","centralus","eastus","eastus2","westus","westeurope","japanwest","japaneast","brazilsouth","australiaeast","australiasoutheast","southindia","centralindia","westindia","canadacentral","canadaeast","uksouth","ukwest","westcentralus","westus2","koreacentral","koreasouth","francecentral","francesouth","australiacentral","australiacentral2","uaecentral","uaenorth","southafricanorth","southafricawest","switzerlandnorth","switzerlandwest","germanynorth","germanywestcentral","norwaywest","norwayeast"]},"deploymentStatus":{"totalDeployments":3,"successfulDeployments":3,"failedDeployments":0},"resourceDiscoveryMode":"ReEvaluateCompliance"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/25bd6db4-fca4-4242-b1cd-cc9432d93001","name":"25bd6db4-fca4-4242-b1cd-cc9432d93001","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:52:59.9074676Z","lastUpdatedOn":"2019-11-06T23:53:05.6321787Z","filters":{},"deploymentStatus":{"totalDeployments":5,"successfulDeployments":5,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/583875f8-4a79-4661-8300-9b583e3456bd","name":"583875f8-4a79-4661-8300-9b583e3456bd","type":"Microsoft.PolicyInsights/remediations"},{"propert
ies":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/98a7c096f5154b8eadd36f8c","provisioningState":"Succeeded","createdOn":"2019-11-06T23:27:09.9354594Z","lastUpdatedOn":"2019-11-06T23:27:10.0135949Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/21c95410-09fb-4c9d-a65d-b0371b932404","name":"21c95410-09fb-4c9d-a65d-b0371b932404","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T21:19:12.9525703Z","lastUpdatedOn":"2019-11-06T21:19:13.0307779Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/783b589e-86ba-41dd-a73a-2f7e31bda360","name":"783b589e-86ba-41dd-a73a-2f7e31bda360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/3cf2c941d7b2418ca7b860e2","policyDefinitionReferenceId":"2352795843478363616","provisioningState":"Succeeded","createdOn":"2019-11-06T17:54:38.3759193Z","lastUpdatedOn":"2019-11-06T17:54:38.4540942Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/fc2
ff254-b71f-4fbf-8595-af076c8e3360","name":"fc2ff254-b71f-4fbf-8595-af076c8e3360","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T20:42:10.8285279Z","lastUpdatedOn":"2019-08-07T20:42:16.1223288Z","filters":{},"deploymentStatus":{"totalDeployments":1,"successfulDeployments":1,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/a9a2c516-3752-454c-8275-141c7895b5e7","name":"a9a2c516-3752-454c-8275-141c7895b5e7","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T01:09:19.4751632Z","lastUpdatedOn":"2019-08-07T01:09:19.4908118Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/175cf8a7-d9ca-45c8-a464-64e46b12a84f","name":"175cf8a7-d9ca-45c8-a464-64e46b12a84f","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-07T00:54:24.3578018Z","lastUpdatedOn":"2019-08-07T00:54:24.3734662Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microso
ft.policyinsights/remediations/0524898a-cd4b-49e1-a0db-ed438c69dc7e","name":"0524898a-cd4b-49e1-a0db-ed438c69dc7e","type":"Microsoft.PolicyInsights/remediations"},{"properties":{"policyAssignmentId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.authorization/policyassignments/42a4937324464d7790a835be","provisioningState":"Succeeded","createdOn":"2019-08-06T15:02:33.1065661Z","lastUpdatedOn":"2019-08-06T15:02:33.1221582Z","filters":{},"deploymentStatus":{"totalDeployments":0,"successfulDeployments":0,"failedDeployments":0},"resourceDiscoveryMode":"ExistingNonCompliant"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/microsoft.policyinsights/remediations/0185cd8b-3684-47fa-b782-5663143612f5","name":"0185cd8b-3684-47fa-b782-5663143612f5","type":"Microsoft.PolicyInsights/remediations"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '1333'
+ - '20831'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:39 GMT
+ - Mon, 09 Dec 2019 19:19:18 GMT
expires:
- '-1'
pragma:
@@ -539,15 +543,15 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:43:33.4408743Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000001"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:10.6268153Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000001","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000001"}'
headers:
cache-control:
- no-cache
@@ -556,7 +560,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:39 GMT
+ - Mon, 09 Dec 2019 19:19:19 GMT
expires:
- '-1'
pragma:
@@ -590,24 +594,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"policyType":"Custom","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T18:43:32.2728615Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"18058884261374893171","policyDefinitionId":"/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","type":"Microsoft.Authorization/policySetDefinitions","name":"azurecli-test-policy-set000002"}'
+ string: '{"properties":{"policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-09T19:19:09.1879305Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"cli-test-reference-id000004","policyDefinitionId":"/providers/microsoft.authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azurecli-test-policy-set000002","type":"Microsoft.Authorization/policySetDefinitions","name":"azurecli-test-policy-set000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '628'
+ - '648'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 18:43:41 GMT
+ - Mon, 09 Dec 2019 19:19:21 GMT
expires:
- '-1'
pragma:
diff --git a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/test_policyinsights_scenario.py b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/test_policyinsights_scenario.py
index f326f15ceb0..cfd5630e809 100644
--- a/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/test_policyinsights_scenario.py
+++ b/src/azure-cli/azure/cli/command_modules/policyinsights/tests/latest/test_policyinsights_scenario.py
@@ -327,7 +327,7 @@ def test_policy_insights_remediation_management_group(self):
@AllowLargeResponse()
def test_policy_insights_remediation_complete(self):
self.kwargs.update({
- 'pan': 'cd7ac64c77ec441dbff7af7c',
+ 'pan': '2a47116300b347c599c4c4d3',
'rg': 'az-cli-policy-insights-test',
'rn': self.create_random_name('azurecli-test-remediation', 40)
})
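Review bot: The `'pan'` value in `test_policy_insights_remediation_complete` is an opaque hard-coded policy assignment name, unlike `'rn'`, which comes from `create_random_name`. The test therefore appears to depend on an assignment that already exists in the recording subscription, and the value had to be swapped by hand in this commit. Nothing in the hunk says where that assignment comes from or what it must contain. A comment above the dict would help the next person who re-records, for example `# 'pan': name of an existing policy assignment the recording relies on; update it and re-record if it is recreated`. The test body continues outside the hunk, so the exact dependency should be confirmed there.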
diff --git a/src/azure-cli/azure/cli/command_modules/resource/_help.py b/src/azure-cli/azure/cli/command_modules/resource/_help.py
index 7929c9fcbda..1f9be32d2b4 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/_help.py
@@ -884,7 +884,7 @@
parameters:
- name: --definitions
type: string
- short-summary: Policy definitions in JSON format, or a path to a file containing JSON rules.
+ short-summary: Policy definitions in JSON format, or a path to a file or URI containing JSON rules.
- name: --management-group
type: string
short-summary: Name of management group the new policy set definition can be assigned in.
@@ -896,16 +896,34 @@
text: |
az policy set-definition create -n readOnlyStorage --definitions '[
{
- "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy"
+ "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy",
+ "parameters": { "storageSku": { "value": "[parameters(\\"requiredSku\\")]" } }
}
+ ]' \\
+ --params '{ "requiredSku": { "type": "String" } }'
+ - name: Create a policy set definition with parameters.
+ text: |
+ az policy set-definition create -n readOnlyStorage --definitions '[
+ { "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy" }
]'
- - name: Create a policy set definition to be used by a subscription.
+ - name: Create a policy set definition in a subscription.
text: |
az policy set-definition create -n readOnlyStorage --subscription '0b1f6471-1bf0-4dda-aec3-111122223333' --definitions '[
+ { "policyDefinitionId": "/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/policyDefinitions/storagePolicy" }
+ ]'
+ - name: Create a policy set definition with policy definition groups.
+ text: |
+ az policy set-definition create -n computeRequirements --definitions '[
+ {
+ "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy",
+ "groupNames": [ "CostSaving", "Organizational" ]
+ },
{
- "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy"
+ "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/tagPolicy",
+ "groupNames": [ "Organizational" ]
}
- ]'
+ ]' \\
+ --definition-groups '[{ "name": "CostSaving" }, { "name": "Organizational" } ]'
"""
helps['policy set-definition delete'] = """
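Review bot: The example names and bodies in the `policy set-definition create` help look swapped. The `"parameters"` entry and the `--params` option are added to the first example, whose name lies outside the hunk, while the new entry named `Create a policy set definition with parameters.` passes only a bare `policyDefinitionId`. A reader looking for parameter usage would land on the example that has none. Moving the `"parameters": { "storageSku": ... }` line and `--params '{ "requiredSku": { "type": "String" } }'` under the `with parameters` name, and leaving the first example minimal, would make the names match the commands.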
@@ -935,14 +953,24 @@
type: command
short-summary: Update a policy set definition.
examples:
- - name: Update a policy set definition. (autogenerated)
+ - name: Update a policy set definition.
text: |-
az policy set-definition update --definitions '[
+ { "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy" }
+ ]' --name MyPolicySetDefinition
+ - name: Update the groups and definitions within a policy set definition.
+ text: |
+ az policy set-definition update -n computeRequirements --definitions '[
+ {
+ "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy",
+ "groupNames": [ "CostSaving", "Organizational" ]
+ },
{
- "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/storagePolicy"
+ "policyDefinitionId": "/subscriptions/mySubId/providers/Microsoft.Authorization/policyDefinitions/tagPolicy",
+ "groupNames": [ "Organizational" ]
}
- ]' --name MyPolicySetDefinition
- crafted: true
+ ]' \\
+ --definition-groups '[{ "name": "CostSaving" }, { "name": "Organizational" } ]'
"""
helps['provider'] = """
diff --git a/src/azure-cli/azure/cli/command_modules/resource/_params.py b/src/azure-cli/azure/cli/command_modules/resource/_params.py
index c7f343bbf8b..b0bf6009fd7 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/_params.py
@@ -156,6 +156,7 @@ def load_arguments(self, _):
c.argument('description', help='Description of policy set definition.')
c.argument('params', help='JSON formatted string or a path to a file or uri with parameter definitions.', type=file_type, completer=FilesCompleter())
c.argument('definitions', help='JSON formatted string or a path to a file or uri containing definitions.', type=file_type, completer=FilesCompleter())
+ c.argument('definition_groups', min_api='2019-09-01', help='JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.', type=file_type, completer=FilesCompleter())
c.argument('management_group', arg_type=management_group_name_type)
c.argument('subscription', arg_type=subscription_type)
c.ignore('_subscription') # disable global subscription
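Review bot: The help string for `definition_groups` does not describe the expected JSON shape or how it relates to `--definitions`. The examples in _help.py pass an array of objects with a `name` key, and each definition entry refers to those names through `groupNames`. I would say so in the help, for instance `help='JSON formatted string or a path to a file or uri containing an array of policy definition groups, e.g. [{"name": "CostSaving"}]. Group names referenced by groupNames in --definitions are declared here.'`. Whether the service rejects an undeclared group name is not visible from this diff, so that sentence should be confirmed before merging. load_arguments starts and ends outside the hunk.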
diff --git a/src/azure-cli/azure/cli/command_modules/resource/custom.py b/src/azure-cli/azure/cli/command_modules/resource/custom.py
index d900c42adb4..c4c430075f0 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/custom.py
@@ -1439,14 +1439,15 @@ def create_policy_definition(cmd, name, rules=None, params=None, display_name=No
def create_policy_setdefinition(cmd, name, definitions, params=None, display_name=None, description=None,
- subscription=None, management_group=None):
+ subscription=None, management_group=None, definition_groups=None):
definitions = _load_file_string_or_uri(definitions, 'definitions')
params = _load_file_string_or_uri(params, 'params', False)
+ definition_groups = _load_file_string_or_uri(definition_groups, 'definition_groups', False)
policy_client = _resource_policy_client_factory(cmd.cli_ctx)
PolicySetDefinition = cmd.get_models('PolicySetDefinition')
parameters = PolicySetDefinition(policy_definitions=definitions, parameters=params, description=description,
- display_name=display_name)
+ display_name=display_name, policy_definition_groups=definition_groups)
if cmd.supported_api_version(min_api='2018-03-01'):
enforce_mutually_exclusive(subscription, management_group)
if management_group:
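Review bot: `policy_definition_groups=definition_groups` is passed to `PolicySetDefinition` on every API version, although _params.py exposes `--definition-groups` only from `min_api='2019-09-01'`. On an older profile the argument is hidden, yet the keyword still reaches a model that may not define it; how that model treats an unknown keyword is not visible here. The hunk at -1567 in `update_policy_setdefinition` has the sharper form of the same problem: it reads `definition.policy_definition_groups` from the fetched object, which would raise AttributeError if the older model lacks the attribute. A defensive read there would be `policy_definition_groups=definition_groups if definition_groups is not None else getattr(definition, 'policy_definition_groups', None)`, and in both functions the keyword could be added only when `cmd.supported_api_version(min_api='2019-09-01')` holds. Both function bodies continue outside their hunks.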
@@ -1554,10 +1555,11 @@ def update_policy_definition(cmd, policy_definition_name, rules=None, params=Non
def update_policy_setdefinition(cmd, policy_set_definition_name, definitions=None, params=None,
display_name=None, description=None,
- subscription=None, management_group=None):
+ subscription=None, management_group=None, definition_groups=None):
definitions = _load_file_string_or_uri(definitions, 'definitions', False)
params = _load_file_string_or_uri(params, 'params', False)
+ definition_groups = _load_file_string_or_uri(definition_groups, 'definition_groups', False)
policy_client = _resource_policy_client_factory(cmd.cli_ctx)
definition = _get_custom_or_builtin_policy(cmd, policy_client, policy_set_definition_name, subscription, management_group, True)
@@ -1567,7 +1569,8 @@ def update_policy_setdefinition(cmd, policy_set_definition_name, definitions=Non
policy_definitions=definitions if definitions is not None else definition.policy_definitions,
description=description if description is not None else definition.description,
display_name=display_name if display_name is not None else definition.display_name,
- parameters=params if params is not None else definition.parameters)
+ parameters=params if params is not None else definition.parameters,
+ policy_definition_groups=definition_groups if definition_groups is not None else definition.policy_definition_groups)
if cmd.supported_api_version(min_api='2018-03-01'):
enforce_mutually_exclusive(subscription, management_group)
if management_group:
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/hybrid_2019_03_01/recordings/test_managedappdef_inline.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/hybrid_2019_03_01/recordings/test_managedappdef_inline.yaml
index e95d14d06e2..15b20a91533 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/hybrid_2019_03_01/recordings/test_managedappdef_inline.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/hybrid_2019_03_01/recordings/test_managedappdef_inline.yaml
@@ -1,325 +1,381 @@
interactions:
- request:
- body: '{"location": "westus", "tags": {"date": "2019-02-27T23:57:38Z", "product":
- "azurecli", "cause": "automation"}}'
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [group create]
- Connection: [keep-alive]
- Content-Length: ['110']
- Content-Type: [application/json; charset=utf-8]
- ParameterSetName: [--location --name --tag]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- resourcemanagementclient/2.1.0 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2018-05-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001","name":"clitest.rg000001","location":"westus","tags":{"date":"2019-02-27T23:57:38Z","product":"azurecli","cause":"automation"},"properties":{"provisioningState":"Succeeded"}}'}
- headers:
- cache-control: [no-cache]
- content-length: ['384']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 27 Feb 2019 23:57:39 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1199']
- status: {code: 201, message: Created}
-- request:
- body: 'b''{"properties": {"lockLevel": "None", "mainTemplate": "{\\r\\n \\"$schema\\":
- \\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\\",\\r\\n \\"contentVersion\\":
- \\"1.0.0.0\\",\\r\\n \\"parameters\\": {\\r\\n \\"adminUsername\\": {\\r\\n \\"type\\":
- \\"string\\",\\r\\n \\"metadata\\": {\\r\\n \\"description\\": \\"User
- name for the Virtual Machine.\\"\\r\\n }\\r\\n },\\r\\n \\"adminPassword\\":
- {\\r\\n \\"type\\": \\"securestring\\",\\r\\n \\"metadata\\": {\\r\\n \\"description\\":
- \\"Password for the Virtual Machine.\\"\\r\\n }\\r\\n },\\r\\n \\"dnsLabelPrefix\\":
- {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"metadata\\": {\\r\\n \\"description\\":
- \\"Unique DNS Name for the Public IP used to access the Virtual Machine.\\"\\r\\n }\\r\\n },\\r\\n \\"ubuntuOSVersion\\":
- {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"defaultValue\\": \\"16.04.0-LTS\\",\\r\\n \\"allowedValues\\":
- [\\r\\n \\"12.04.5-LTS\\",\\r\\n \\"14.04.5-LTS\\",\\r\\n \\"15.10\\",\\r\\n \\"16.04.0-LTS\\"\\r\\n ],\\r\\n \\"metadata\\":
- {\\r\\n \\"description\\": \\"The Ubuntu version for the VM. This will
- pick a fully patched image of this given Ubuntu version.\\"\\r\\n }\\r\\n }\\r\\n },\\r\\n \\"variables\\":
- {\\r\\n \\"storageAccountName\\": \\"[concat(uniquestring(resourceGroup().id),
- \''salinuxvm\'')]\\",\\r\\n \\"imagePublisher\\": \\"Canonical\\",\\r\\n \\"imageOffer\\":
- \\"UbuntuServer\\",\\r\\n \\"nicName\\": \\"myVMNic\\",\\r\\n \\"addressPrefix\\":
- \\"10.0.0.0/16\\",\\r\\n \\"subnetName\\": \\"Subnet\\",\\r\\n \\"subnetPrefix\\":
- \\"10.0.0.0/24\\",\\r\\n \\"storageAccountType\\": \\"Standard_LRS\\",\\r\\n \\"publicIPAddressName\\":
- \\"myPublicIP\\",\\r\\n \\"publicIPAddressType\\": \\"Dynamic\\",\\r\\n \\"vmName\\":
- \\"MyUbuntuVM\\",\\r\\n \\"vmSize\\": \\"Standard_A1\\",\\r\\n \\"virtualNetworkName\\":
- \\"MyVNET\\",\\r\\n \\"vnetID\\": \\"[resourceId(\''Microsoft.Network/virtualNetworks\'',variables(\''virtualNetworkName\''))]\\",\\r\\n \\"subnetRef\\":
- \\"[concat(variables(\''vnetID\''),\''/subnets/\'',variables(\''subnetName\''))]\\"\\r\\n },\\r\\n \\"resources\\":
- [\\r\\n {\\r\\n \\"type\\": \\"Microsoft.Storage/storageAccounts\\",\\r\\n \\"name\\":
- \\"[variables(\''storageAccountName\'')]\\",\\r\\n \\"apiVersion\\": \\"2017-06-01\\",\\r\\n \\"location\\":
- \\"westus\\",\\r\\n \\"sku\\": {\\r\\n \\"name\\": \\"[variables(\''storageAccountType\'')]\\"\\r\\n },\\r\\n \\"kind\\":
- \\"Storage\\",\\r\\n \\"properties\\": {}\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-04-01\\",\\r\\n \\"type\\": \\"Microsoft.Network/publicIPAddresses\\",\\r\\n \\"name\\":
- \\"[variables(\''publicIPAddressName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"properties\\":
- {\\r\\n \\"publicIPAllocationMethod\\": \\"[variables(\''publicIPAddressType\'')]\\",\\r\\n \\"dnsSettings\\":
- {\\r\\n \\"domainNameLabel\\": \\"[parameters(\''dnsLabelPrefix\'')]\\"\\r\\n }\\r\\n }\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-04-01\\",\\r\\n \\"type\\": \\"Microsoft.Network/virtualNetworks\\",\\r\\n \\"name\\":
- \\"[variables(\''virtualNetworkName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"properties\\":
- {\\r\\n \\"addressSpace\\": {\\r\\n \\"addressPrefixes\\": [\\r\\n \\"[variables(\''addressPrefix\'')]\\"\\r\\n ]\\r\\n },\\r\\n \\"subnets\\":
- [\\r\\n {\\r\\n \\"name\\": \\"[variables(\''subnetName\'')]\\",\\r\\n \\"properties\\":
- {\\r\\n \\"addressPrefix\\": \\"[variables(\''subnetPrefix\'')]\\"\\r\\n }\\r\\n }\\r\\n ]\\r\\n }\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-04-01\\",\\r\\n \\"type\\": \\"Microsoft.Network/networkInterfaces\\",\\r\\n \\"name\\":
- \\"[variables(\''nicName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"dependsOn\\":
- [\\r\\n \\"[resourceId(\''Microsoft.Network/publicIPAddresses/\'', variables(\''publicIPAddressName\''))]\\",\\r\\n \\"[resourceId(\''Microsoft.Network/virtualNetworks/\'',
- variables(\''virtualNetworkName\''))]\\"\\r\\n ],\\r\\n \\"properties\\":
- {\\r\\n \\"ipConfigurations\\": [\\r\\n {\\r\\n \\"name\\":
- \\"ipconfig1\\",\\r\\n \\"properties\\": {\\r\\n \\"privateIPAllocationMethod\\":
- \\"Dynamic\\",\\r\\n \\"publicIPAddress\\": {\\r\\n \\"id\\":
- \\"[resourceId(\''Microsoft.Network/publicIPAddresses\'',variables(\''publicIPAddressName\''))]\\"\\r\\n },\\r\\n \\"subnet\\":
- {\\r\\n \\"id\\": \\"[variables(\''subnetRef\'')]\\"\\r\\n }\\r\\n }\\r\\n }\\r\\n ]\\r\\n }\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-03-30\\",\\r\\n \\"type\\": \\"Microsoft.Compute/virtualMachines\\",\\r\\n \\"name\\":
- \\"[variables(\''vmName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"dependsOn\\":
- [\\r\\n \\"[resourceId(\''Microsoft.Storage/storageAccounts/\'', variables(\''storageAccountName\''))]\\",\\r\\n \\"[resourceId(\''Microsoft.Network/networkInterfaces/\'',
- variables(\''nicName\''))]\\"\\r\\n ],\\r\\n \\"properties\\": {\\r\\n \\"hardwareProfile\\":
- {\\r\\n \\"vmSize\\": \\"[variables(\''vmSize\'')]\\"\\r\\n },\\r\\n \\"osProfile\\":
- {\\r\\n \\"computerName\\": \\"[variables(\''vmName\'')]\\",\\r\\n \\"adminUsername\\":
- \\"[parameters(\''adminUsername\'')]\\",\\r\\n \\"adminPassword\\":
- \\"[parameters(\''adminPassword\'')]\\"\\r\\n },\\r\\n \\"storageProfile\\":
- {\\r\\n \\"imageReference\\": {\\r\\n \\"publisher\\": \\"[variables(\''imagePublisher\'')]\\",\\r\\n \\"offer\\":
- \\"[variables(\''imageOffer\'')]\\",\\r\\n \\"sku\\": \\"[parameters(\''ubuntuOSVersion\'')]\\",\\r\\n \\"version\\":
- \\"latest\\"\\r\\n },\\r\\n \\"osDisk\\": {\\r\\n \\"createOption\\":
- \\"FromImage\\"\\r\\n },\\r\\n \\"dataDisks\\": [\\r\\n {\\r\\n \\"diskSizeGB\\":
- \\"1023\\",\\r\\n \\"lun\\": 0,\\r\\n \\"createOption\\":
- \\"Empty\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\"networkProfile\\":
- {\\r\\n \\"networkInterfaces\\": [\\r\\n {\\r\\n \\"id\\":
- \\"[resourceId(\''Microsoft.Network/networkInterfaces\'',variables(\''nicName\''))]\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\"diagnosticsProfile\\":
- {\\r\\n \\"bootDiagnostics\\": {\\r\\n \\"enabled\\": \\"true\\",\\r\\n \\"storageUri\\":
- \\"[concat(reference(concat(\''Microsoft.Storage/storageAccounts/\'', variables(\''storageAccountName\'')),
- \''2016-01-01\'').primaryEndpoints.blob)]\\"\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n ],\\r\\n \\"outputs\\":
- {\\r\\n \\"hostname\\": {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"value\\":
- \\"[reference(variables(\''publicIPAddressName\'')).dnsSettings.fqdn]\\"\\r\\n },\\r\\n \\"sshCommand\\":
- {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"value\\": \\"[concat(\''ssh
- \'', parameters(\''adminUsername\''), \''@\'', reference(variables(\''publicIPAddressName\'')).dnsSettings.fqdn)]\\"\\r\\n }\\r\\n }\\r\\n}",
- "authorizations": [{"roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "principalId": "5e91139a-c94b-462e-a6ff-1ee95e8aac07"}], "createUiDefinition":
- "{\\r\\n \\"$schema\\": \\"https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#\\",\\r\\n \\"handler\\":
- \\"Microsoft.Compute.MultiVm\\",\\r\\n \\"version\\": \\"0.1.2-preview\\",\\r\\n \\"parameters\\":
- {\\r\\n \\"basics\\": [\\r\\n {\\r\\n \\"name\\":
- \\"adminUsername\\",\\r\\n \\"type\\": \\"Microsoft.Compute.UserNameTextBox\\",\\r\\n \\"label\\":
- \\"Admin Username\\",\\r\\n \\"toolTip\\": \\"Admin user name
- for the virtual machine\\",\\r\\n \\"osPlatform\\": \\"Linux\\"\\r\\n },\\r\\n {\\r\\n \\"name\\":
- \\"adminPassword\\",\\r\\n \\"type\\": \\"Microsoft.Common.PasswordBox\\",\\r\\n \\"label\\":
- {\\r\\n \\"password\\": \\"Admin Password\\",\\r\\n \\"confirmPassword\\":
- \\"Confirm password\\"\\r\\n },\\r\\n \\"toolTip\\":
- \\"Admin password for the virtual machine\\",\\r\\n \\"constraints\\":
- {\\r\\n \\"required\\": true,\\r\\n \\"regex\\":
- \\"^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\\\\\\\\d\\\\\\\\W])|(?=.*\\\\\\\\W)(?=.*\\\\\\\\d))|(?=.*\\\\\\\\W)(?=.*[A-Z])(?=.*\\\\\\\\d)).{6,72}$\\",\\r\\n \\"validationMessage\\":
- \\"The password must be between 6 and 72 characters long, and contain characters
+ body: '{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
+ "test_appdef000003", "authorizations": [{"principalId": "5e91139a-c94b-462e-a6ff-1ee95e8aac07",
+ "roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}], "description":
+ "test_appdef_123", "mainTemplate": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\":
+ \"1.0.0.0\",\r\n \"parameters\": {\r\n \"adminUsername\": {\r\n \"type\":
+ \"string\",\r\n \"metadata\": {\r\n \"description\": \"User name
+ for the Virtual Machine.\"\r\n }\r\n },\r\n \"adminPassword\": {\r\n \"type\":
+ \"securestring\",\r\n \"metadata\": {\r\n \"description\": \"Password
+ for the Virtual Machine.\"\r\n }\r\n },\r\n \"dnsLabelPrefix\": {\r\n \"type\":
+ \"string\",\r\n \"metadata\": {\r\n \"description\": \"Unique DNS
+ Name for the Public IP used to access the Virtual Machine.\"\r\n }\r\n },\r\n \"ubuntuOSVersion\":
+ {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"16.04.0-LTS\",\r\n \"allowedValues\":
+ [\r\n \"12.04.5-LTS\",\r\n \"14.04.5-LTS\",\r\n \"15.10\",\r\n \"16.04.0-LTS\"\r\n ],\r\n \"metadata\":
+ {\r\n \"description\": \"The Ubuntu version for the VM. This will pick
+ a fully patched image of this given Ubuntu version.\"\r\n }\r\n }\r\n },\r\n \"variables\":
+ {\r\n \"storageAccountName\": \"[concat(uniquestring(resourceGroup().id),
+ ''salinuxvm'')]\",\r\n \"imagePublisher\": \"Canonical\",\r\n \"imageOffer\":
+ \"UbuntuServer\",\r\n \"nicName\": \"myVMNic\",\r\n \"addressPrefix\":
+ \"10.0.0.0/16\",\r\n \"subnetName\": \"Subnet\",\r\n \"subnetPrefix\":
+ \"10.0.0.0/24\",\r\n \"storageAccountType\": \"Standard_LRS\",\r\n \"publicIPAddressName\":
+ \"myPublicIP\",\r\n \"publicIPAddressType\": \"Dynamic\",\r\n \"vmName\":
+ \"MyUbuntuVM\",\r\n \"vmSize\": \"Standard_A1\",\r\n \"virtualNetworkName\":
+ \"MyVNET\",\r\n \"vnetID\": \"[resourceId(''Microsoft.Network/virtualNetworks'',variables(''virtualNetworkName''))]\",\r\n \"subnetRef\":
+ \"[concat(variables(''vnetID''),''/subnets/'',variables(''subnetName''))]\"\r\n },\r\n \"resources\":
+ [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\":
+ \"[variables(''storageAccountName'')]\",\r\n \"apiVersion\": \"2017-06-01\",\r\n \"location\":
+ \"westus\",\r\n \"sku\": {\r\n \"name\": \"[variables(''storageAccountType'')]\"\r\n },\r\n \"kind\":
+ \"Storage\",\r\n \"properties\": {}\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/publicIPAddresses\",\r\n \"name\":
+ \"[variables(''publicIPAddressName'')]\",\r\n \"location\": \"westus\",\r\n \"properties\":
+ {\r\n \"publicIPAllocationMethod\": \"[variables(''publicIPAddressType'')]\",\r\n \"dnsSettings\":
+ {\r\n \"domainNameLabel\": \"[parameters(''dnsLabelPrefix'')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"name\":
+ \"[variables(''virtualNetworkName'')]\",\r\n \"location\": \"westus\",\r\n \"properties\":
+ {\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"[variables(''addressPrefix'')]\"\r\n ]\r\n },\r\n \"subnets\":
+ [\r\n {\r\n \"name\": \"[variables(''subnetName'')]\",\r\n \"properties\":
+ {\r\n \"addressPrefix\": \"[variables(''subnetPrefix'')]\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/networkInterfaces\",\r\n \"name\":
+ \"[variables(''nicName'')]\",\r\n \"location\": \"westus\",\r\n \"dependsOn\":
+ [\r\n \"[resourceId(''Microsoft.Network/publicIPAddresses/'', variables(''publicIPAddressName''))]\",\r\n \"[resourceId(''Microsoft.Network/virtualNetworks/'',
+ variables(''virtualNetworkName''))]\"\r\n ],\r\n \"properties\": {\r\n \"ipConfigurations\":
+ [\r\n {\r\n \"name\": \"ipconfig1\",\r\n \"properties\":
+ {\r\n \"privateIPAllocationMethod\": \"Dynamic\",\r\n \"publicIPAddress\":
+ {\r\n \"id\": \"[resourceId(''Microsoft.Network/publicIPAddresses'',variables(''publicIPAddressName''))]\"\r\n },\r\n \"subnet\":
+ {\r\n \"id\": \"[variables(''subnetRef'')]\"\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"name\":
+ \"[variables(''vmName'')]\",\r\n \"location\": \"westus\",\r\n \"dependsOn\":
+ [\r\n \"[resourceId(''Microsoft.Storage/storageAccounts/'', variables(''storageAccountName''))]\",\r\n \"[resourceId(''Microsoft.Network/networkInterfaces/'',
+ variables(''nicName''))]\"\r\n ],\r\n \"properties\": {\r\n \"hardwareProfile\":
+ {\r\n \"vmSize\": \"[variables(''vmSize'')]\"\r\n },\r\n \"osProfile\":
+ {\r\n \"computerName\": \"[variables(''vmName'')]\",\r\n \"adminUsername\":
+ \"[parameters(''adminUsername'')]\",\r\n \"adminPassword\": \"[parameters(''adminPassword'')]\"\r\n },\r\n \"storageProfile\":
+ {\r\n \"imageReference\": {\r\n \"publisher\": \"[variables(''imagePublisher'')]\",\r\n \"offer\":
+ \"[variables(''imageOffer'')]\",\r\n \"sku\": \"[parameters(''ubuntuOSVersion'')]\",\r\n \"version\":
+ \"latest\"\r\n },\r\n \"osDisk\": {\r\n \"createOption\":
+ \"FromImage\"\r\n },\r\n \"dataDisks\": [\r\n {\r\n \"diskSizeGB\":
+ \"1023\",\r\n \"lun\": 0,\r\n \"createOption\": \"Empty\"\r\n }\r\n ]\r\n },\r\n \"networkProfile\":
+ {\r\n \"networkInterfaces\": [\r\n {\r\n \"id\":
+ \"[resourceId(''Microsoft.Network/networkInterfaces'',variables(''nicName''))]\"\r\n }\r\n ]\r\n },\r\n \"diagnosticsProfile\":
+ {\r\n \"bootDiagnostics\": {\r\n \"enabled\": \"true\",\r\n \"storageUri\":
+ \"[concat(reference(concat(''Microsoft.Storage/storageAccounts/'', variables(''storageAccountName'')),
+ ''2016-01-01'').primaryEndpoints.blob)]\"\r\n }\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\":
+ {\r\n \"hostname\": {\r\n \"type\": \"string\",\r\n \"value\":
+ \"[reference(variables(''publicIPAddressName'')).dnsSettings.fqdn]\"\r\n },\r\n \"sshCommand\":
+ {\r\n \"type\": \"string\",\r\n \"value\": \"[concat(''ssh '', parameters(''adminUsername''),
+ ''@'', reference(variables(''publicIPAddressName'')).dnsSettings.fqdn)]\"\r\n }\r\n }\r\n}",
+ "createUiDefinition": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#\",\r\n \"handler\":
+ \"Microsoft.Compute.MultiVm\",\r\n \"version\": \"0.1.2-preview\",\r\n \"parameters\":
+ {\r\n \"basics\": [\r\n {\r\n \"name\": \"adminUsername\",\r\n \"type\":
+ \"Microsoft.Compute.UserNameTextBox\",\r\n \"label\": \"Admin
+ Username\",\r\n \"toolTip\": \"Admin user name for the virtual
+ machine\",\r\n \"osPlatform\": \"Linux\"\r\n },\r\n {\r\n \"name\":
+ \"adminPassword\",\r\n \"type\": \"Microsoft.Common.PasswordBox\",\r\n \"label\":
+ {\r\n \"password\": \"Admin Password\",\r\n \"confirmPassword\":
+ \"Confirm password\"\r\n },\r\n \"toolTip\": \"Admin
+ password for the virtual machine\",\r\n \"constraints\": {\r\n \"required\":
+ true,\r\n \"regex\": \"^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\\\\d\\\\W])|(?=.*\\\\W)(?=.*\\\\d))|(?=.*\\\\W)(?=.*[A-Z])(?=.*\\\\d)).{6,72}$\",\r\n \"validationMessage\":
+ \"The password must be between 6 and 72 characters long, and contain characters
from at least 3 of the following groups: uppercase characters, lowercase characters,
- numbers, and special characters.\\"\\r\\n },\\r\\n \\"options\\":
- {\\r\\n \\"hideConfirmation\\": false\\r\\n }\\r\\n }\\r\\n ],\\r\\n \\"steps\\":
- [\\r\\n {\\r\\n \\"name\\": \\"ipConfig\\",\\r\\n \\"label\\":
- \\"IP Config\\",\\r\\n \\"subLabel\\": {\\r\\n \\"preValidation\\":
- \\"Configure the public IP address\\",\\r\\n \\"postValidation\\":
- \\"Done\\"\\r\\n },\\r\\n \\"bladeTitle\\": \\"IP
- Settings\\",\\r\\n \\"elements\\": [\\r\\n {\\r\\n \\"name\\":
- \\"ipCombo\\",\\r\\n \\"type\\": \\"Microsoft.Network.PublicIpAddressCombo\\",\\r\\n \\"label\\":
- {\\r\\n \\"publicIpAddress\\": \\"Public IP address\\",\\r\\n \\"domainNameLabel\\":
- \\"Domain name label\\"\\r\\n },\\r\\n \\"toolTip\\":
- {\\r\\n \\"publicIpAddress\\": \\"\\",\\r\\n \\"domainNameLabel\\":
- \\"\\"\\r\\n },\\r\\n \\"defaultValue\\":
- {\\r\\n \\"publicIpAddressName\\": \\"myPublicIP\\"\\r\\n },\\r\\n \\"constraints\\":
- {\\r\\n \\"required\\": {\\r\\n \\"domainNameLabel\\":
- true\\r\\n }\\r\\n },\\r\\n \\"options\\":
- {\\r\\n \\"hideNone\\": true,\\r\\n \\"hideDomainNameLabel\\":
- false,\\r\\n \\"hideExisting\\": true\\r\\n },\\r\\n \\"visible\\":
- true\\r\\n }\\r\\n ]\\r\\n }\\r\\n ],\\r\\n \\"outputs\\":
- {\\r\\n \\"adminUsername\\": \\"[basics(\''adminUsername\'')]\\",\\r\\n \\"adminPassword\\":
- \\"[basics(\''adminPassword\'')]\\",\\r\\n \\"dnsLabelPrefix\\":
- \\"[steps(\''ipConfig\'').ipCombo.domainNameLabel]\\",\\r\\n \\"applianceResourceNameForMainTemplate\\":
- \\"testappname\\"\\r\\n }\\r\\n }\\r\\n}", "displayName": "test_appdef000003",
- "description": "test_appdef_123"}, "location": "eastus"}'''
+ numbers, and special characters.\"\r\n },\r\n \"options\":
+ {\r\n \"hideConfirmation\": false\r\n }\r\n }\r\n ],\r\n \"steps\":
+ [\r\n {\r\n \"name\": \"ipConfig\",\r\n \"label\":
+ \"IP Config\",\r\n \"subLabel\": {\r\n \"preValidation\":
+ \"Configure the public IP address\",\r\n \"postValidation\":
+ \"Done\"\r\n },\r\n \"bladeTitle\": \"IP Settings\",\r\n \"elements\":
+ [\r\n {\r\n \"name\": \"ipCombo\",\r\n \"type\":
+ \"Microsoft.Network.PublicIpAddressCombo\",\r\n \"label\":
+ {\r\n \"publicIpAddress\": \"Public IP address\",\r\n \"domainNameLabel\":
+ \"Domain name label\"\r\n },\r\n \"toolTip\":
+ {\r\n \"publicIpAddress\": \"\",\r\n \"domainNameLabel\":
+ \"\"\r\n },\r\n \"defaultValue\":
+ {\r\n \"publicIpAddressName\": \"myPublicIP\"\r\n },\r\n \"constraints\":
+ {\r\n \"required\": {\r\n \"domainNameLabel\":
+ true\r\n }\r\n },\r\n \"options\":
+ {\r\n \"hideNone\": true,\r\n \"hideDomainNameLabel\":
+ false,\r\n \"hideExisting\": true\r\n },\r\n \"visible\":
+ true\r\n }\r\n ]\r\n }\r\n ],\r\n \"outputs\":
+ {\r\n \"adminUsername\": \"[basics(''adminUsername'')]\",\r\n \"adminPassword\":
+ \"[basics(''adminPassword'')]\",\r\n \"dnsLabelPrefix\": \"[steps(''ipConfig'').ipCombo.domainNameLabel]\",\r\n \"applianceResourceNameForMainTemplate\":
+ \"testappname\"\r\n }\r\n }\r\n}"}}'
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- Content-Length: ['10713']
- Content-Type: [application/json; charset=utf-8]
- ParameterSetName: [-n --create-ui-definition --main-template --display-name
- --description -l -a --lock-level -g]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '10713'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --create-ui-definition --main-template --display-name --description -l
+ -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/2274D_7DEC1FD62E4547989BE5EFBA704319B4_DFBB283E48258FA3A6B7224D07E126D9EB3D0882/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=eEvN9E%2FHXP4JEh7QRev5IPXIH64O8EjRYF5kcVq9Y8k%3D&se=2119-02-27T23:57:41Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_65B57E6F1B2F9386CA11AD7BFB285A7500EDE5CF/09be27d5361f4afe827914c9128740f8/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 27 Feb 2019 23:57:41 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1199']
- status: {code: 201, message: Created}
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Sat, 07 Dec 2019 00:22:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1199'
+ status:
+ code: 201
+ message: Created
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- ParameterSetName: [-n --create-ui-definition --main-template --display-name
- --description -l -a --lock-level -g]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.58]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n --create-ui-definition --main-template --display-name --description -l
+ -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/2274D_7DEC1FD62E4547989BE5EFBA704319B4_DFBB283E48258FA3A6B7224D07E126D9EB3D0882/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=eEvN9E%2FHXP4JEh7QRev5IPXIH64O8EjRYF5kcVq9Y8k%3D&se=2119-02-27T23:57:41Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_65B57E6F1B2F9386CA11AD7BFB285A7500EDE5CF/09be27d5361f4afe827914c9128740f8/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 27 Feb 2019 23:58:11 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Sat, 07 Dec 2019 00:22:48 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition list]
- Connection: [keep-alive]
- ParameterSetName: [-g]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition list
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2018-06-01
response:
- body: {string: '{"value":[{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/2274D_7DEC1FD62E4547989BE5EFBA704319B4_DFBB283E48258FA3A6B7224D07E126D9EB3D0882/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=eEvN9E%2FHXP4JEh7QRev5IPXIH64O8EjRYF5kcVq9Y8k%3D&se=2119-02-27T23:57:41Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}]}'}
+ body:
+ string: '{"value":[{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_65B57E6F1B2F9386CA11AD7BFB285A7500EDE5CF/09be27d5361f4afe827914c9128740f8/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}]}'
headers:
- cache-control: [no-cache]
- content-length: ['1321']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 27 Feb 2019 23:58:12 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
+ cache-control:
+ - no-cache
+ content-length:
+ - '1623'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Sat, 07 Dec 2019 00:22:50 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition show]
- Connection: [keep-alive]
- ParameterSetName: [--ids]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - --ids
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/2274D_7DEC1FD62E4547989BE5EFBA704319B4_DFBB283E48258FA3A6B7224D07E126D9EB3D0882/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=eEvN9E%2FHXP4JEh7QRev5IPXIH64O8EjRYF5kcVq9Y8k%3D&se=2119-02-27T23:57:41Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_65B57E6F1B2F9386CA11AD7BFB285A7500EDE5CF/09be27d5361f4afe827914c9128740f8/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 27 Feb 2019 23:58:13 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Sat, 07 Dec 2019 00:22:52 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition delete]
- Connection: [keep-alive]
- Content-Length: ['0']
- ParameterSetName: [-g -n]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition delete
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '0'
+ ParameterSetName:
+ - -g -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: ''}
+ body:
+ string: ''
headers:
- cache-control: [no-cache]
- content-length: ['0']
- date: ['Wed, 27 Feb 2019 23:58:15 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-deletes: ['14999']
- status: {code: 200, message: OK}
+ cache-control:
+ - no-cache
+ content-length:
+ - '0'
+ date:
+ - Sat, 07 Dec 2019 00:22:53 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-deletes:
+ - '14999'
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition list]
- Connection: [keep-alive]
- ParameterSetName: [-g]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition list
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2017-09-01
- response:
- body: {string: '{"value":[]}'}
- headers:
- cache-control: [no-cache]
- content-length: ['12']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 27 Feb 2019 23:58:14 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [group delete]
- Connection: [keep-alive]
- Content-Length: ['0']
- ParameterSetName: [--name --yes --no-wait]
- User-Agent: [python/3.5.2 (Windows-10-10.0.17763-SP0) msrest/0.6.2 msrest_azure/0.4.34
- resourcemanagementclient/2.1.0 Azure-SDK-For-Python AZURECLI/2.0.58]
- accept-language: [en-US]
- method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2018-05-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2018-06-01
response:
- body: {string: ''}
+ body:
+ string: '{"value":[]}'
headers:
- cache-control: [no-cache]
- content-length: ['0']
- date: ['Wed, 27 Feb 2019 23:58:16 GMT']
- expires: ['-1']
- location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTElURVNUOjJFUkdDRENER1Y3QlBPSlkySjJOVFpVTENIR1hRVlBLTkNCUVpGSHwyMjE2RUFFODU5RjAzMzZFLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-deletes: ['14999']
- status: {code: 202, message: Accepted}
+ cache-control:
+ - no-cache
+ content-length:
+ - '12'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Sat, 07 Dec 2019 00:22:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
version: 1
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef.yaml
index 2d4bfdb69fc..0635af15548 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef.yaml
@@ -1,584 +1,283 @@
interactions:
- request:
- body: '{"location": "westus", "tags": {"product": "azurecli", "cause": "automation",
- "date": "2018-06-13T23:00:37Z"}}'
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [group create]
- Connection: [keep-alive]
- Content-Length: ['110']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 resourcemanagementclient/2.0.0rc2 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2019-07-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001","name":"clitest.rg000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-06-13T23:00:37Z"},"properties":{"provisioningState":"Succeeded"}}'}
- headers:
- cache-control: [no-cache]
- content-length: ['384']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:00:37 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1199']
- status: {code: 201, message: Created}
-- request:
- body: 'b''{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
- "test_appdef000003", "authorizations": [{"principalId": "5e91139a-c94b-462e-a6ff-1ee95e8aac07",
- "roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}], "description":
- "test_appdef_123", "packageFileUri": "https://testclinew.blob.core.windows.net/files/vivekMAD.zip"}}'''
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- Content-Length: ['350']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
- response:
- body: {string: '{"error":{"code":"MissingSubscriptionRegistration","message":"The
- subscription is not registered to use namespace ''Microsoft.Solutions''. See
- https://aka.ms/rps-not-found for how to register subscriptions.","details":[{"code":"MissingSubscriptionRegistration","target":"Microsoft.Solutions","message":"The
- subscription is not registered to use namespace ''Microsoft.Solutions''. See
- https://aka.ms/rps-not-found for how to register subscriptions."}]}}'}
- headers:
- cache-control: [no-cache]
- content-length: ['448']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:00:39 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-failure-cause: [gateway]
- status: {code: 409, message: Conflict}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- Content-Length: ['0']
- User-Agent: [python-requests/2.18.4]
- method: POST
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions/register?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:00:40 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1198']
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:00:50 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:00:59 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:01:10 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:01:20 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:01:29 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2565']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:01:39 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: ['*/*']
- Accept-Encoding: ['gzip, deflate']
- Connection: [keep-alive]
- User-Agent: [python-requests/2.18.4]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"},"resourceTypes":[{"resourceType":"appliances","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applianceDefinitions","locations":["West
- Central US"],"apiVersions":["2016-09-01-preview"],"capabilities":"None"},{"resourceType":"applications","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"applicationDefinitions","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
- Central US"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"locations/operationstatuses","locations":["South
- Central US","North Central US","West Central US","West US","West US 2","East
- US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
- Asia","Brazil South","Japan West","Japan East","Australia East","Australia
- Southeast","South India","West India","Central India","Canada Central","Canada
- East","UK South","UK West","Korea Central","Korea South","France Central"],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registered"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['2564']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:01:50 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: 'b''{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
+ body: '{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
"test_appdef000003", "authorizations": [{"principalId": "5e91139a-c94b-462e-a6ff-1ee95e8aac07",
"roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}], "description":
- "test_appdef_123", "packageFileUri": "https://testclinew.blob.core.windows.net/files/vivekMAD.zip"}}'''
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- Content-Length: ['350']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ "test_appdef_123", "packageFileUri": "https://raw.githubusercontent.com/Azure/azure-managedapp-samples/master/Managed%20Application%20Sample%20Packages/201-managed-storage-account/managedstorage.zip"}}'
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '451'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --package-file-uri --display-name --description -l -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_C23112071DE9FC2E3E4374454CB6FD3501C91EFF/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=mTUIEqk26phMFSzbhR6Ee4YR%2F6EFrZ5NTKM7j0pA1wo%3D&se=2118-06-13T23:01:52Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:01:51 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1197']
- status: {code: 201, message: Created}
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_DA545354A830C6BA1D0DF4D70733A9444EB2D789/c7edd05cb14c4fde9ad4b9247d13c072/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:10:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1199'
+ status:
+ code: 201
+ message: Created
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n --package-file-uri --display-name --description -l -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_C23112071DE9FC2E3E4374454CB6FD3501C91EFF/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=mTUIEqk26phMFSzbhR6Ee4YR%2F6EFrZ5NTKM7j0pA1wo%3D&se=2118-06-13T23:01:52Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:02:22 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_DA545354A830C6BA1D0DF4D70733A9444EB2D789/c7edd05cb14c4fde9ad4b9247d13c072/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:11:06 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition list]
- Connection: [keep-alive]
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition list
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2018-06-01
response:
- body: {string: '{"value":[{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_C23112071DE9FC2E3E4374454CB6FD3501C91EFF/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=mTUIEqk26phMFSzbhR6Ee4YR%2F6EFrZ5NTKM7j0pA1wo%3D&se=2118-06-13T23:01:52Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}]}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1321']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:02:23 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
+ body:
+ string: '{"value":[{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_DA545354A830C6BA1D0DF4D70733A9444EB2D789/c7edd05cb14c4fde9ad4b9247d13c072/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}]}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1623'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:11:08 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition show]
- Connection: [keep-alive]
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - --ids
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_C23112071DE9FC2E3E4374454CB6FD3501C91EFF/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=mTUIEqk26phMFSzbhR6Ee4YR%2F6EFrZ5NTKM7j0pA1wo%3D&se=2118-06-13T23:01:52Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:02:24 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_DA545354A830C6BA1D0DF4D70733A9444EB2D789/c7edd05cb14c4fde9ad4b9247d13c072/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:11:10 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition delete]
- Connection: [keep-alive]
- Content-Length: ['0']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition delete
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '0'
+ ParameterSetName:
+ - -g -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
response:
- body: {string: ''}
- headers:
- cache-control: [no-cache]
- content-length: ['0']
- date: ['Wed, 13 Jun 2018 23:02:26 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-deletes: ['14999']
- status: {code: 200, message: OK}
+ body:
+ string: ''
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '0'
+ date:
+ - Fri, 06 Dec 2019 23:11:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-deletes:
+ - '14999'
+ status:
+ code: 200
+ message: OK
- request:
body: null
headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition list]
- Connection: [keep-alive]
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition list
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2017-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2018-06-01
response:
- body: {string: '{"value":[]}'}
- headers:
- cache-control: [no-cache]
- content-length: ['12']
- content-type: [application/json; charset=utf-8]
- date: ['Wed, 13 Jun 2018 23:02:26 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [group delete]
- Connection: [keep-alive]
- Content-Length: ['0']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 resourcemanagementclient/2.0.0rc2 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2019-07-01
- response:
- body: {string: ''}
- headers:
- cache-control: [no-cache]
- content-length: ['0']
- date: ['Wed, 13 Jun 2018 23:02:26 GMT']
- expires: ['-1']
- location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTElURVNUOjJFUkdONUYyUERSTjdBV0RWUk9YTTJMRlZPTUJNRkhGUkFVRUdPSnxBQkI0ODVGRkMxNTBGNDc1LVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2019-07-01']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-deletes: ['14999']
- status: {code: 202, message: Accepted}
+ body:
+ string: '{"value":[]}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '12'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:11:12 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
version: 1
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef_inline.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef_inline.yaml
index b66d9a6fac4..d9f5083f019 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef_inline.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef_inline.yaml
@@ -1,327 +1,4446 @@
interactions:
- request:
- body: '{"location": "westus", "tags": {"product": "azurecli", "cause": "automation",
- "date": "2018-06-14T00:01:59Z"}}'
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [group create]
- Connection: [keep-alive]
- Content-Length: ['110']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 resourcemanagementclient/2.0.0rc2 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ body: '{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
+ "test_appdef000003", "authorizations": [{"principalId": "5e91139a-c94b-462e-a6ff-1ee95e8aac07",
+ "roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}], "description":
+ "test_appdef_123", "mainTemplate": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\":
+ \"1.0.0.0\",\r\n \"parameters\": {\r\n \"adminUsername\": {\r\n \"type\":
+ \"string\",\r\n \"metadata\": {\r\n \"description\": \"User name
+ for the Virtual Machine.\"\r\n }\r\n },\r\n \"adminPassword\": {\r\n \"type\":
+ \"securestring\",\r\n \"metadata\": {\r\n \"description\": \"Password
+ for the Virtual Machine.\"\r\n }\r\n },\r\n \"dnsLabelPrefix\": {\r\n \"type\":
+ \"string\",\r\n \"metadata\": {\r\n \"description\": \"Unique DNS
+ Name for the Public IP used to access the Virtual Machine.\"\r\n }\r\n },\r\n \"ubuntuOSVersion\":
+ {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"16.04.0-LTS\",\r\n \"allowedValues\":
+ [\r\n \"12.04.5-LTS\",\r\n \"14.04.5-LTS\",\r\n \"15.10\",\r\n \"16.04.0-LTS\"\r\n ],\r\n \"metadata\":
+ {\r\n \"description\": \"The Ubuntu version for the VM. This will pick
+ a fully patched image of this given Ubuntu version.\"\r\n }\r\n }\r\n },\r\n \"variables\":
+ {\r\n \"storageAccountName\": \"[concat(uniquestring(resourceGroup().id),
+ ''salinuxvm'')]\",\r\n \"imagePublisher\": \"Canonical\",\r\n \"imageOffer\":
+ \"UbuntuServer\",\r\n \"nicName\": \"myVMNic\",\r\n \"addressPrefix\":
+ \"10.0.0.0/16\",\r\n \"subnetName\": \"Subnet\",\r\n \"subnetPrefix\":
+ \"10.0.0.0/24\",\r\n \"storageAccountType\": \"Standard_LRS\",\r\n \"publicIPAddressName\":
+ \"myPublicIP\",\r\n \"publicIPAddressType\": \"Dynamic\",\r\n \"vmName\":
+ \"MyUbuntuVM\",\r\n \"vmSize\": \"Standard_A1\",\r\n \"virtualNetworkName\":
+ \"MyVNET\",\r\n \"vnetID\": \"[resourceId(''Microsoft.Network/virtualNetworks'',variables(''virtualNetworkName''))]\",\r\n \"subnetRef\":
+ \"[concat(variables(''vnetID''),''/subnets/'',variables(''subnetName''))]\"\r\n },\r\n \"resources\":
+ [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\":
+ \"[variables(''storageAccountName'')]\",\r\n \"apiVersion\": \"2017-06-01\",\r\n \"location\":
+ \"westus\",\r\n \"sku\": {\r\n \"name\": \"[variables(''storageAccountType'')]\"\r\n },\r\n \"kind\":
+ \"Storage\",\r\n \"properties\": {}\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/publicIPAddresses\",\r\n \"name\":
+ \"[variables(''publicIPAddressName'')]\",\r\n \"location\": \"westus\",\r\n \"properties\":
+ {\r\n \"publicIPAllocationMethod\": \"[variables(''publicIPAddressType'')]\",\r\n \"dnsSettings\":
+ {\r\n \"domainNameLabel\": \"[parameters(''dnsLabelPrefix'')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"name\":
+ \"[variables(''virtualNetworkName'')]\",\r\n \"location\": \"westus\",\r\n \"properties\":
+ {\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"[variables(''addressPrefix'')]\"\r\n ]\r\n },\r\n \"subnets\":
+ [\r\n {\r\n \"name\": \"[variables(''subnetName'')]\",\r\n \"properties\":
+ {\r\n \"addressPrefix\": \"[variables(''subnetPrefix'')]\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/networkInterfaces\",\r\n \"name\":
+ \"[variables(''nicName'')]\",\r\n \"location\": \"westus\",\r\n \"dependsOn\":
+ [\r\n \"[resourceId(''Microsoft.Network/publicIPAddresses/'', variables(''publicIPAddressName''))]\",\r\n \"[resourceId(''Microsoft.Network/virtualNetworks/'',
+ variables(''virtualNetworkName''))]\"\r\n ],\r\n \"properties\": {\r\n \"ipConfigurations\":
+ [\r\n {\r\n \"name\": \"ipconfig1\",\r\n \"properties\":
+ {\r\n \"privateIPAllocationMethod\": \"Dynamic\",\r\n \"publicIPAddress\":
+ {\r\n \"id\": \"[resourceId(''Microsoft.Network/publicIPAddresses'',variables(''publicIPAddressName''))]\"\r\n },\r\n \"subnet\":
+ {\r\n \"id\": \"[variables(''subnetRef'')]\"\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"name\":
+ \"[variables(''vmName'')]\",\r\n \"location\": \"westus\",\r\n \"dependsOn\":
+ [\r\n \"[resourceId(''Microsoft.Storage/storageAccounts/'', variables(''storageAccountName''))]\",\r\n \"[resourceId(''Microsoft.Network/networkInterfaces/'',
+ variables(''nicName''))]\"\r\n ],\r\n \"properties\": {\r\n \"hardwareProfile\":
+ {\r\n \"vmSize\": \"[variables(''vmSize'')]\"\r\n },\r\n \"osProfile\":
+ {\r\n \"computerName\": \"[variables(''vmName'')]\",\r\n \"adminUsername\":
+ \"[parameters(''adminUsername'')]\",\r\n \"adminPassword\": \"[parameters(''adminPassword'')]\"\r\n },\r\n \"storageProfile\":
+ {\r\n \"imageReference\": {\r\n \"publisher\": \"[variables(''imagePublisher'')]\",\r\n \"offer\":
+ \"[variables(''imageOffer'')]\",\r\n \"sku\": \"[parameters(''ubuntuOSVersion'')]\",\r\n \"version\":
+ \"latest\"\r\n },\r\n \"osDisk\": {\r\n \"createOption\":
+ \"FromImage\"\r\n },\r\n \"dataDisks\": [\r\n {\r\n \"diskSizeGB\":
+ \"1023\",\r\n \"lun\": 0,\r\n \"createOption\": \"Empty\"\r\n }\r\n ]\r\n },\r\n \"networkProfile\":
+ {\r\n \"networkInterfaces\": [\r\n {\r\n \"id\":
+ \"[resourceId(''Microsoft.Network/networkInterfaces'',variables(''nicName''))]\"\r\n }\r\n ]\r\n },\r\n \"diagnosticsProfile\":
+ {\r\n \"bootDiagnostics\": {\r\n \"enabled\": \"true\",\r\n \"storageUri\":
+ \"[concat(reference(concat(''Microsoft.Storage/storageAccounts/'', variables(''storageAccountName'')),
+ ''2016-01-01'').primaryEndpoints.blob)]\"\r\n }\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\":
+ {\r\n \"hostname\": {\r\n \"type\": \"string\",\r\n \"value\":
+ \"[reference(variables(''publicIPAddressName'')).dnsSettings.fqdn]\"\r\n },\r\n \"sshCommand\":
+ {\r\n \"type\": \"string\",\r\n \"value\": \"[concat(''ssh '', parameters(''adminUsername''),
+ ''@'', reference(variables(''publicIPAddressName'')).dnsSettings.fqdn)]\"\r\n }\r\n }\r\n}",
+ "createUiDefinition": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#\",\r\n \"handler\":
+ \"Microsoft.Compute.MultiVm\",\r\n \"version\": \"0.1.2-preview\",\r\n \"parameters\":
+ {\r\n \"basics\": [\r\n {\r\n \"name\": \"adminUsername\",\r\n \"type\":
+ \"Microsoft.Compute.UserNameTextBox\",\r\n \"label\": \"Admin
+ Username\",\r\n \"toolTip\": \"Admin user name for the virtual
+ machine\",\r\n \"osPlatform\": \"Linux\"\r\n },\r\n {\r\n \"name\":
+ \"adminPassword\",\r\n \"type\": \"Microsoft.Common.PasswordBox\",\r\n \"label\":
+ {\r\n \"password\": \"Admin Password\",\r\n \"confirmPassword\":
+ \"Confirm password\"\r\n },\r\n \"toolTip\": \"Admin
+ password for the virtual machine\",\r\n \"constraints\": {\r\n \"required\":
+ true,\r\n \"regex\": \"^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\\\\d\\\\W])|(?=.*\\\\W)(?=.*\\\\d))|(?=.*\\\\W)(?=.*[A-Z])(?=.*\\\\d)).{6,72}$\",\r\n \"validationMessage\":
+ \"The password must be between 6 and 72 characters long, and contain characters
+ from at least 3 of the following groups: uppercase characters, lowercase characters,
+ numbers, and special characters.\"\r\n },\r\n \"options\":
+ {\r\n \"hideConfirmation\": false\r\n }\r\n }\r\n ],\r\n \"steps\":
+ [\r\n {\r\n \"name\": \"ipConfig\",\r\n \"label\":
+ \"IP Config\",\r\n \"subLabel\": {\r\n \"preValidation\":
+ \"Configure the public IP address\",\r\n \"postValidation\":
+ \"Done\"\r\n },\r\n \"bladeTitle\": \"IP Settings\",\r\n \"elements\":
+ [\r\n {\r\n \"name\": \"ipCombo\",\r\n \"type\":
+ \"Microsoft.Network.PublicIpAddressCombo\",\r\n \"label\":
+ {\r\n \"publicIpAddress\": \"Public IP address\",\r\n \"domainNameLabel\":
+ \"Domain name label\"\r\n },\r\n \"toolTip\":
+ {\r\n \"publicIpAddress\": \"\",\r\n \"domainNameLabel\":
+ \"\"\r\n },\r\n \"defaultValue\":
+ {\r\n \"publicIpAddressName\": \"myPublicIP\"\r\n },\r\n \"constraints\":
+ {\r\n \"required\": {\r\n \"domainNameLabel\":
+ true\r\n }\r\n },\r\n \"options\":
+ {\r\n \"hideNone\": true,\r\n \"hideDomainNameLabel\":
+ false,\r\n \"hideExisting\": true\r\n },\r\n \"visible\":
+ true\r\n }\r\n ]\r\n }\r\n ],\r\n \"outputs\":
+ {\r\n \"adminUsername\": \"[basics(''adminUsername'')]\",\r\n \"adminPassword\":
+ \"[basics(''adminPassword'')]\",\r\n \"dnsLabelPrefix\": \"[steps(''ipConfig'').ipCombo.domainNameLabel]\",\r\n \"applianceResourceNameForMainTemplate\":
+ \"testappname\"\r\n }\r\n }\r\n}"}}'
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '10713'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --create-ui-definition --main-template --display-name --description -l
+ -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2019-07-01
- response:
- body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001","name":"clitest.rg000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-06-14T00:01:59Z"},"properties":{"provisioningState":"Succeeded"}}'}
- headers:
- cache-control: [no-cache]
- content-length: ['384']
- content-type: [application/json; charset=utf-8]
- date: ['Thu, 14 Jun 2018 00:02:00 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1199']
- status: {code: 201, message: Created}
-- request:
- body: 'b''{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
+ response:
+ body:
+ string: '{"error":{"code":"MissingSubscriptionRegistration","message":"The subscription
+ is not registered to use namespace ''Microsoft.Solutions''. See https://aka.ms/rps-not-found
+ for how to register subscriptions.","details":[{"code":"MissingSubscriptionRegistration","target":"Microsoft.Solutions","message":"The
+ subscription is not registered to use namespace ''Microsoft.Solutions''. See
+ https://aka.ms/rps-not-found for how to register subscriptions."}]}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '448'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:02:41 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-failure-cause:
+ - gateway
+ status:
+ code: 409
+ message: Conflict
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '0'
+ User-Agent:
+ - python-requests/2.22.0
+ method: POST
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions/register?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:02:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1199'
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:02:52 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:02 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:21 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:52 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:02 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:12 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:22 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:53 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:03 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:13 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:53 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:03 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:13 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:07:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:07:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:07:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:07:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:07:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:07:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:05 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:15 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:25 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:35 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:05 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:15 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:25 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:36 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:46 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:56 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:06 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:26 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:36 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registering"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3333'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:46 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - '*/*'
+ Accept-Encoding:
+ - gzip, deflate
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python-requests/2.22.0
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions?api-version=2016-02-01
+ response:
+ body:
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Solutions","namespace":"Microsoft.Solutions","authorization":{"applicationId":"ba4bc2bd-843f-4d61-9d33-199178eae34e","roleDefinitionId":"6cb99a0b-29a8-49bc-b57b-057acc68cd9a","managedByRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635","managedByAuthorization":{"managedByResourceRoleDefinitionId":"9e3af657-a8ff-583c-a75c-2fe7c4bcb635"}},"resourceTypes":[{"resourceType":"applications","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"SystemAssignedResourceIdentity"},{"resourceType":"applicationDefinitions","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"],"capabilities":"None"},{"resourceType":"locations","locations":["West
+ Central US"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"jitRequests","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview"],"capabilities":"None"},{"resourceType":"locations/operationstatuses","locations":["South
+ Central US","North Central US","West Central US","West US","West US 2","East
+ US","East US 2","Central US","West Europe","North Europe","East Asia","Southeast
+ Asia","Brazil South","Japan West","Japan East","Australia East","Australia
+ Southeast","South India","West India","Central India","Canada Central","Canada
+ East","UK South","UK West","Korea Central","Korea South","France Central","Australia
+ Central","UAE North","South Africa North"],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01","2016-09-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2019-07-01","2018-09-01-preview","2018-06-01","2018-03-01","2018-02-01","2017-12-01","2017-09-01"]}],"registrationState":"Registered"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3332'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: '{"location": "eastus", "properties": {"lockLevel": "None", "displayName":
"test_appdef000003", "authorizations": [{"principalId": "5e91139a-c94b-462e-a6ff-1ee95e8aac07",
"roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}], "description":
- "test_appdef_123", "mainTemplate": "{\\r\\n \\"$schema\\": \\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\\",\\r\\n \\"contentVersion\\":
- \\"1.0.0.0\\",\\r\\n \\"parameters\\": {\\r\\n \\"adminUsername\\": {\\r\\n \\"type\\":
- \\"string\\",\\r\\n \\"metadata\\": {\\r\\n \\"description\\": \\"User
- name for the Virtual Machine.\\"\\r\\n }\\r\\n },\\r\\n \\"adminPassword\\":
- {\\r\\n \\"type\\": \\"securestring\\",\\r\\n \\"metadata\\": {\\r\\n \\"description\\":
- \\"Password for the Virtual Machine.\\"\\r\\n }\\r\\n },\\r\\n \\"dnsLabelPrefix\\":
- {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"metadata\\": {\\r\\n \\"description\\":
- \\"Unique DNS Name for the Public IP used to access the Virtual Machine.\\"\\r\\n }\\r\\n },\\r\\n \\"ubuntuOSVersion\\":
- {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"defaultValue\\": \\"16.04.0-LTS\\",\\r\\n \\"allowedValues\\":
- [\\r\\n \\"12.04.5-LTS\\",\\r\\n \\"14.04.5-LTS\\",\\r\\n \\"15.10\\",\\r\\n \\"16.04.0-LTS\\"\\r\\n ],\\r\\n \\"metadata\\":
- {\\r\\n \\"description\\": \\"The Ubuntu version for the VM. This will
- pick a fully patched image of this given Ubuntu version.\\"\\r\\n }\\r\\n }\\r\\n },\\r\\n \\"variables\\":
- {\\r\\n \\"storageAccountName\\": \\"[concat(uniquestring(resourceGroup().id),
- \''salinuxvm\'')]\\",\\r\\n \\"imagePublisher\\": \\"Canonical\\",\\r\\n \\"imageOffer\\":
- \\"UbuntuServer\\",\\r\\n \\"nicName\\": \\"myVMNic\\",\\r\\n \\"addressPrefix\\":
- \\"10.0.0.0/16\\",\\r\\n \\"subnetName\\": \\"Subnet\\",\\r\\n \\"subnetPrefix\\":
- \\"10.0.0.0/24\\",\\r\\n \\"storageAccountType\\": \\"Standard_LRS\\",\\r\\n \\"publicIPAddressName\\":
- \\"myPublicIP\\",\\r\\n \\"publicIPAddressType\\": \\"Dynamic\\",\\r\\n \\"vmName\\":
- \\"MyUbuntuVM\\",\\r\\n \\"vmSize\\": \\"Standard_A1\\",\\r\\n \\"virtualNetworkName\\":
- \\"MyVNET\\",\\r\\n \\"vnetID\\": \\"[resourceId(\''Microsoft.Network/virtualNetworks\'',variables(\''virtualNetworkName\''))]\\",\\r\\n \\"subnetRef\\":
- \\"[concat(variables(\''vnetID\''),\''/subnets/\'',variables(\''subnetName\''))]\\"\\r\\n },\\r\\n \\"resources\\":
- [\\r\\n {\\r\\n \\"type\\": \\"Microsoft.Storage/storageAccounts\\",\\r\\n \\"name\\":
- \\"[variables(\''storageAccountName\'')]\\",\\r\\n \\"apiVersion\\": \\"2017-06-01\\",\\r\\n \\"location\\":
- \\"westus\\",\\r\\n \\"sku\\": {\\r\\n \\"name\\": \\"[variables(\''storageAccountType\'')]\\"\\r\\n },\\r\\n \\"kind\\":
- \\"Storage\\",\\r\\n \\"properties\\": {}\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-04-01\\",\\r\\n \\"type\\": \\"Microsoft.Network/publicIPAddresses\\",\\r\\n \\"name\\":
- \\"[variables(\''publicIPAddressName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"properties\\":
- {\\r\\n \\"publicIPAllocationMethod\\": \\"[variables(\''publicIPAddressType\'')]\\",\\r\\n \\"dnsSettings\\":
- {\\r\\n \\"domainNameLabel\\": \\"[parameters(\''dnsLabelPrefix\'')]\\"\\r\\n }\\r\\n }\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-04-01\\",\\r\\n \\"type\\": \\"Microsoft.Network/virtualNetworks\\",\\r\\n \\"name\\":
- \\"[variables(\''virtualNetworkName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"properties\\":
- {\\r\\n \\"addressSpace\\": {\\r\\n \\"addressPrefixes\\": [\\r\\n \\"[variables(\''addressPrefix\'')]\\"\\r\\n ]\\r\\n },\\r\\n \\"subnets\\":
- [\\r\\n {\\r\\n \\"name\\": \\"[variables(\''subnetName\'')]\\",\\r\\n \\"properties\\":
- {\\r\\n \\"addressPrefix\\": \\"[variables(\''subnetPrefix\'')]\\"\\r\\n }\\r\\n }\\r\\n ]\\r\\n }\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-04-01\\",\\r\\n \\"type\\": \\"Microsoft.Network/networkInterfaces\\",\\r\\n \\"name\\":
- \\"[variables(\''nicName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"dependsOn\\":
- [\\r\\n \\"[resourceId(\''Microsoft.Network/publicIPAddresses/\'', variables(\''publicIPAddressName\''))]\\",\\r\\n \\"[resourceId(\''Microsoft.Network/virtualNetworks/\'',
- variables(\''virtualNetworkName\''))]\\"\\r\\n ],\\r\\n \\"properties\\":
- {\\r\\n \\"ipConfigurations\\": [\\r\\n {\\r\\n \\"name\\":
- \\"ipconfig1\\",\\r\\n \\"properties\\": {\\r\\n \\"privateIPAllocationMethod\\":
- \\"Dynamic\\",\\r\\n \\"publicIPAddress\\": {\\r\\n \\"id\\":
- \\"[resourceId(\''Microsoft.Network/publicIPAddresses\'',variables(\''publicIPAddressName\''))]\\"\\r\\n },\\r\\n \\"subnet\\":
- {\\r\\n \\"id\\": \\"[variables(\''subnetRef\'')]\\"\\r\\n }\\r\\n }\\r\\n }\\r\\n ]\\r\\n }\\r\\n },\\r\\n {\\r\\n \\"apiVersion\\":
- \\"2017-03-30\\",\\r\\n \\"type\\": \\"Microsoft.Compute/virtualMachines\\",\\r\\n \\"name\\":
- \\"[variables(\''vmName\'')]\\",\\r\\n \\"location\\": \\"westus\\",\\r\\n \\"dependsOn\\":
- [\\r\\n \\"[resourceId(\''Microsoft.Storage/storageAccounts/\'', variables(\''storageAccountName\''))]\\",\\r\\n \\"[resourceId(\''Microsoft.Network/networkInterfaces/\'',
- variables(\''nicName\''))]\\"\\r\\n ],\\r\\n \\"properties\\": {\\r\\n \\"hardwareProfile\\":
- {\\r\\n \\"vmSize\\": \\"[variables(\''vmSize\'')]\\"\\r\\n },\\r\\n \\"osProfile\\":
- {\\r\\n \\"computerName\\": \\"[variables(\''vmName\'')]\\",\\r\\n \\"adminUsername\\":
- \\"[parameters(\''adminUsername\'')]\\",\\r\\n \\"adminPassword\\":
- \\"[parameters(\''adminPassword\'')]\\"\\r\\n },\\r\\n \\"storageProfile\\":
- {\\r\\n \\"imageReference\\": {\\r\\n \\"publisher\\": \\"[variables(\''imagePublisher\'')]\\",\\r\\n \\"offer\\":
- \\"[variables(\''imageOffer\'')]\\",\\r\\n \\"sku\\": \\"[parameters(\''ubuntuOSVersion\'')]\\",\\r\\n \\"version\\":
- \\"latest\\"\\r\\n },\\r\\n \\"osDisk\\": {\\r\\n \\"createOption\\":
- \\"FromImage\\"\\r\\n },\\r\\n \\"dataDisks\\": [\\r\\n {\\r\\n \\"diskSizeGB\\":
- \\"1023\\",\\r\\n \\"lun\\": 0,\\r\\n \\"createOption\\":
- \\"Empty\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\"networkProfile\\":
- {\\r\\n \\"networkInterfaces\\": [\\r\\n {\\r\\n \\"id\\":
- \\"[resourceId(\''Microsoft.Network/networkInterfaces\'',variables(\''nicName\''))]\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\"diagnosticsProfile\\":
- {\\r\\n \\"bootDiagnostics\\": {\\r\\n \\"enabled\\": \\"true\\",\\r\\n \\"storageUri\\":
- \\"[concat(reference(concat(\''Microsoft.Storage/storageAccounts/\'', variables(\''storageAccountName\'')),
- \''2016-01-01\'').primaryEndpoints.blob)]\\"\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n ],\\r\\n \\"outputs\\":
- {\\r\\n \\"hostname\\": {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"value\\":
- \\"[reference(variables(\''publicIPAddressName\'')).dnsSettings.fqdn]\\"\\r\\n },\\r\\n \\"sshCommand\\":
- {\\r\\n \\"type\\": \\"string\\",\\r\\n \\"value\\": \\"[concat(\''ssh
- \'', parameters(\''adminUsername\''), \''@\'', reference(variables(\''publicIPAddressName\'')).dnsSettings.fqdn)]\\"\\r\\n }\\r\\n }\\r\\n}",
- "createUiDefinition": "{\\r\\n \\"$schema\\": \\"https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#\\",\\r\\n \\"handler\\":
- \\"Microsoft.Compute.MultiVm\\",\\r\\n \\"version\\": \\"0.1.2-preview\\",\\r\\n \\"parameters\\":
- {\\r\\n \\"basics\\": [\\r\\n {\\r\\n \\"name\\":
- \\"adminUsername\\",\\r\\n \\"type\\": \\"Microsoft.Compute.UserNameTextBox\\",\\r\\n \\"label\\":
- \\"Admin Username\\",\\r\\n \\"toolTip\\": \\"Admin user name
- for the virtual machine\\",\\r\\n \\"osPlatform\\": \\"Linux\\"\\r\\n },\\r\\n {\\r\\n \\"name\\":
- \\"adminPassword\\",\\r\\n \\"type\\": \\"Microsoft.Common.PasswordBox\\",\\r\\n \\"label\\":
- {\\r\\n \\"password\\": \\"Admin Password\\",\\r\\n \\"confirmPassword\\":
- \\"Confirm password\\"\\r\\n },\\r\\n \\"toolTip\\":
- \\"Admin password for the virtual machine\\",\\r\\n \\"constraints\\":
- {\\r\\n \\"required\\": true,\\r\\n \\"regex\\":
- \\"^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\\\\\\\\d\\\\\\\\W])|(?=.*\\\\\\\\W)(?=.*\\\\\\\\d))|(?=.*\\\\\\\\W)(?=.*[A-Z])(?=.*\\\\\\\\d)).{6,72}$\\",\\r\\n \\"validationMessage\\":
- \\"The password must be between 6 and 72 characters long, and contain characters
+ "test_appdef_123", "mainTemplate": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\":
+ \"1.0.0.0\",\r\n \"parameters\": {\r\n \"adminUsername\": {\r\n \"type\":
+ \"string\",\r\n \"metadata\": {\r\n \"description\": \"User name
+ for the Virtual Machine.\"\r\n }\r\n },\r\n \"adminPassword\": {\r\n \"type\":
+ \"securestring\",\r\n \"metadata\": {\r\n \"description\": \"Password
+ for the Virtual Machine.\"\r\n }\r\n },\r\n \"dnsLabelPrefix\": {\r\n \"type\":
+ \"string\",\r\n \"metadata\": {\r\n \"description\": \"Unique DNS
+ Name for the Public IP used to access the Virtual Machine.\"\r\n }\r\n },\r\n \"ubuntuOSVersion\":
+ {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"16.04.0-LTS\",\r\n \"allowedValues\":
+ [\r\n \"12.04.5-LTS\",\r\n \"14.04.5-LTS\",\r\n \"15.10\",\r\n \"16.04.0-LTS\"\r\n ],\r\n \"metadata\":
+ {\r\n \"description\": \"The Ubuntu version for the VM. This will pick
+ a fully patched image of this given Ubuntu version.\"\r\n }\r\n }\r\n },\r\n \"variables\":
+ {\r\n \"storageAccountName\": \"[concat(uniquestring(resourceGroup().id),
+ ''salinuxvm'')]\",\r\n \"imagePublisher\": \"Canonical\",\r\n \"imageOffer\":
+ \"UbuntuServer\",\r\n \"nicName\": \"myVMNic\",\r\n \"addressPrefix\":
+ \"10.0.0.0/16\",\r\n \"subnetName\": \"Subnet\",\r\n \"subnetPrefix\":
+ \"10.0.0.0/24\",\r\n \"storageAccountType\": \"Standard_LRS\",\r\n \"publicIPAddressName\":
+ \"myPublicIP\",\r\n \"publicIPAddressType\": \"Dynamic\",\r\n \"vmName\":
+ \"MyUbuntuVM\",\r\n \"vmSize\": \"Standard_A1\",\r\n \"virtualNetworkName\":
+ \"MyVNET\",\r\n \"vnetID\": \"[resourceId(''Microsoft.Network/virtualNetworks'',variables(''virtualNetworkName''))]\",\r\n \"subnetRef\":
+ \"[concat(variables(''vnetID''),''/subnets/'',variables(''subnetName''))]\"\r\n },\r\n \"resources\":
+ [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\":
+ \"[variables(''storageAccountName'')]\",\r\n \"apiVersion\": \"2017-06-01\",\r\n \"location\":
+ \"westus\",\r\n \"sku\": {\r\n \"name\": \"[variables(''storageAccountType'')]\"\r\n },\r\n \"kind\":
+ \"Storage\",\r\n \"properties\": {}\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/publicIPAddresses\",\r\n \"name\":
+ \"[variables(''publicIPAddressName'')]\",\r\n \"location\": \"westus\",\r\n \"properties\":
+ {\r\n \"publicIPAllocationMethod\": \"[variables(''publicIPAddressType'')]\",\r\n \"dnsSettings\":
+ {\r\n \"domainNameLabel\": \"[parameters(''dnsLabelPrefix'')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"name\":
+ \"[variables(''virtualNetworkName'')]\",\r\n \"location\": \"westus\",\r\n \"properties\":
+ {\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"[variables(''addressPrefix'')]\"\r\n ]\r\n },\r\n \"subnets\":
+ [\r\n {\r\n \"name\": \"[variables(''subnetName'')]\",\r\n \"properties\":
+ {\r\n \"addressPrefix\": \"[variables(''subnetPrefix'')]\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-04-01\",\r\n \"type\": \"Microsoft.Network/networkInterfaces\",\r\n \"name\":
+ \"[variables(''nicName'')]\",\r\n \"location\": \"westus\",\r\n \"dependsOn\":
+ [\r\n \"[resourceId(''Microsoft.Network/publicIPAddresses/'', variables(''publicIPAddressName''))]\",\r\n \"[resourceId(''Microsoft.Network/virtualNetworks/'',
+ variables(''virtualNetworkName''))]\"\r\n ],\r\n \"properties\": {\r\n \"ipConfigurations\":
+ [\r\n {\r\n \"name\": \"ipconfig1\",\r\n \"properties\":
+ {\r\n \"privateIPAllocationMethod\": \"Dynamic\",\r\n \"publicIPAddress\":
+ {\r\n \"id\": \"[resourceId(''Microsoft.Network/publicIPAddresses'',variables(''publicIPAddressName''))]\"\r\n },\r\n \"subnet\":
+ {\r\n \"id\": \"[variables(''subnetRef'')]\"\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\":
+ \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"name\":
+ \"[variables(''vmName'')]\",\r\n \"location\": \"westus\",\r\n \"dependsOn\":
+ [\r\n \"[resourceId(''Microsoft.Storage/storageAccounts/'', variables(''storageAccountName''))]\",\r\n \"[resourceId(''Microsoft.Network/networkInterfaces/'',
+ variables(''nicName''))]\"\r\n ],\r\n \"properties\": {\r\n \"hardwareProfile\":
+ {\r\n \"vmSize\": \"[variables(''vmSize'')]\"\r\n },\r\n \"osProfile\":
+ {\r\n \"computerName\": \"[variables(''vmName'')]\",\r\n \"adminUsername\":
+ \"[parameters(''adminUsername'')]\",\r\n \"adminPassword\": \"[parameters(''adminPassword'')]\"\r\n },\r\n \"storageProfile\":
+ {\r\n \"imageReference\": {\r\n \"publisher\": \"[variables(''imagePublisher'')]\",\r\n \"offer\":
+ \"[variables(''imageOffer'')]\",\r\n \"sku\": \"[parameters(''ubuntuOSVersion'')]\",\r\n \"version\":
+ \"latest\"\r\n },\r\n \"osDisk\": {\r\n \"createOption\":
+ \"FromImage\"\r\n },\r\n \"dataDisks\": [\r\n {\r\n \"diskSizeGB\":
+ \"1023\",\r\n \"lun\": 0,\r\n \"createOption\": \"Empty\"\r\n }\r\n ]\r\n },\r\n \"networkProfile\":
+ {\r\n \"networkInterfaces\": [\r\n {\r\n \"id\":
+ \"[resourceId(''Microsoft.Network/networkInterfaces'',variables(''nicName''))]\"\r\n }\r\n ]\r\n },\r\n \"diagnosticsProfile\":
+ {\r\n \"bootDiagnostics\": {\r\n \"enabled\": \"true\",\r\n \"storageUri\":
+ \"[concat(reference(concat(''Microsoft.Storage/storageAccounts/'', variables(''storageAccountName'')),
+ ''2016-01-01'').primaryEndpoints.blob)]\"\r\n }\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\":
+ {\r\n \"hostname\": {\r\n \"type\": \"string\",\r\n \"value\":
+ \"[reference(variables(''publicIPAddressName'')).dnsSettings.fqdn]\"\r\n },\r\n \"sshCommand\":
+ {\r\n \"type\": \"string\",\r\n \"value\": \"[concat(''ssh '', parameters(''adminUsername''),
+ ''@'', reference(variables(''publicIPAddressName'')).dnsSettings.fqdn)]\"\r\n }\r\n }\r\n}",
+ "createUiDefinition": "{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#\",\r\n \"handler\":
+ \"Microsoft.Compute.MultiVm\",\r\n \"version\": \"0.1.2-preview\",\r\n \"parameters\":
+ {\r\n \"basics\": [\r\n {\r\n \"name\": \"adminUsername\",\r\n \"type\":
+ \"Microsoft.Compute.UserNameTextBox\",\r\n \"label\": \"Admin
+ Username\",\r\n \"toolTip\": \"Admin user name for the virtual
+ machine\",\r\n \"osPlatform\": \"Linux\"\r\n },\r\n {\r\n \"name\":
+ \"adminPassword\",\r\n \"type\": \"Microsoft.Common.PasswordBox\",\r\n \"label\":
+ {\r\n \"password\": \"Admin Password\",\r\n \"confirmPassword\":
+ \"Confirm password\"\r\n },\r\n \"toolTip\": \"Admin
+ password for the virtual machine\",\r\n \"constraints\": {\r\n \"required\":
+ true,\r\n \"regex\": \"^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\\\\d\\\\W])|(?=.*\\\\W)(?=.*\\\\d))|(?=.*\\\\W)(?=.*[A-Z])(?=.*\\\\d)).{6,72}$\",\r\n \"validationMessage\":
+ \"The password must be between 6 and 72 characters long, and contain characters
from at least 3 of the following groups: uppercase characters, lowercase characters,
- numbers, and special characters.\\"\\r\\n },\\r\\n \\"options\\":
- {\\r\\n \\"hideConfirmation\\": false\\r\\n }\\r\\n }\\r\\n ],\\r\\n \\"steps\\":
- [\\r\\n {\\r\\n \\"name\\": \\"ipConfig\\",\\r\\n \\"label\\":
- \\"IP Config\\",\\r\\n \\"subLabel\\": {\\r\\n \\"preValidation\\":
- \\"Configure the public IP address\\",\\r\\n \\"postValidation\\":
- \\"Done\\"\\r\\n },\\r\\n \\"bladeTitle\\": \\"IP
- Settings\\",\\r\\n \\"elements\\": [\\r\\n {\\r\\n \\"name\\":
- \\"ipCombo\\",\\r\\n \\"type\\": \\"Microsoft.Network.PublicIpAddressCombo\\",\\r\\n \\"label\\":
- {\\r\\n \\"publicIpAddress\\": \\"Public IP address\\",\\r\\n \\"domainNameLabel\\":
- \\"Domain name label\\"\\r\\n },\\r\\n \\"toolTip\\":
- {\\r\\n \\"publicIpAddress\\": \\"\\",\\r\\n \\"domainNameLabel\\":
- \\"\\"\\r\\n },\\r\\n \\"defaultValue\\":
- {\\r\\n \\"publicIpAddressName\\": \\"myPublicIP\\"\\r\\n },\\r\\n \\"constraints\\":
- {\\r\\n \\"required\\": {\\r\\n \\"domainNameLabel\\":
- true\\r\\n }\\r\\n },\\r\\n \\"options\\":
- {\\r\\n \\"hideNone\\": true,\\r\\n \\"hideDomainNameLabel\\":
- false,\\r\\n \\"hideExisting\\": true\\r\\n },\\r\\n \\"visible\\":
- true\\r\\n }\\r\\n ]\\r\\n }\\r\\n ],\\r\\n \\"outputs\\":
- {\\r\\n \\"adminUsername\\": \\"[basics(\''adminUsername\'')]\\",\\r\\n \\"adminPassword\\":
- \\"[basics(\''adminPassword\'')]\\",\\r\\n \\"dnsLabelPrefix\\":
- \\"[steps(\''ipConfig\'').ipCombo.domainNameLabel]\\",\\r\\n \\"applianceResourceNameForMainTemplate\\":
- \\"testappname\\"\\r\\n }\\r\\n }\\r\\n}"}}'''
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- Content-Length: ['10713']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ numbers, and special characters.\"\r\n },\r\n \"options\":
+ {\r\n \"hideConfirmation\": false\r\n }\r\n }\r\n ],\r\n \"steps\":
+ [\r\n {\r\n \"name\": \"ipConfig\",\r\n \"label\":
+ \"IP Config\",\r\n \"subLabel\": {\r\n \"preValidation\":
+ \"Configure the public IP address\",\r\n \"postValidation\":
+ \"Done\"\r\n },\r\n \"bladeTitle\": \"IP Settings\",\r\n \"elements\":
+ [\r\n {\r\n \"name\": \"ipCombo\",\r\n \"type\":
+ \"Microsoft.Network.PublicIpAddressCombo\",\r\n \"label\":
+ {\r\n \"publicIpAddress\": \"Public IP address\",\r\n \"domainNameLabel\":
+ \"Domain name label\"\r\n },\r\n \"toolTip\":
+ {\r\n \"publicIpAddress\": \"\",\r\n \"domainNameLabel\":
+ \"\"\r\n },\r\n \"defaultValue\":
+ {\r\n \"publicIpAddressName\": \"myPublicIP\"\r\n },\r\n \"constraints\":
+ {\r\n \"required\": {\r\n \"domainNameLabel\":
+ true\r\n }\r\n },\r\n \"options\":
+ {\r\n \"hideNone\": true,\r\n \"hideDomainNameLabel\":
+ false,\r\n \"hideExisting\": true\r\n },\r\n \"visible\":
+ true\r\n }\r\n ]\r\n }\r\n ],\r\n \"outputs\":
+ {\r\n \"adminUsername\": \"[basics(''adminUsername'')]\",\r\n \"adminPassword\":
+ \"[basics(''adminPassword'')]\",\r\n \"dnsLabelPrefix\": \"[steps(''ipConfig'').ipCombo.domainNameLabel]\",\r\n \"applianceResourceNameForMainTemplate\":
+ \"testappname\"\r\n }\r\n }\r\n}"}}'
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '10713'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --create-ui-definition --main-template --display-name --description -l
+ -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
- response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_B2477AAD6D42A4A975B025755F9357927600CA38/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=BpL1G%2BjiQwEKt6c1uCJHTk2hzEaEbc9R3a3uGmrlsVc%3D&se=2118-06-14T00:02:03Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Thu, 14 Jun 2018 00:02:03 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-writes: ['1199']
- status: {code: 201, message: Created}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition create]
- Connection: [keep-alive]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
- response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_B2477AAD6D42A4A975B025755F9357927600CA38/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=BpL1G%2BjiQwEKt6c1uCJHTk2hzEaEbc9R3a3uGmrlsVc%3D&se=2118-06-14T00:02:03Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Thu, 14 Jun 2018 00:02:34 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition list]
- Connection: [keep-alive]
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2017-09-01
- response:
- body: {string: '{"value":[{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_B2477AAD6D42A4A975B025755F9357927600CA38/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=BpL1G%2BjiQwEKt6c1uCJHTk2hzEaEbc9R3a3uGmrlsVc%3D&se=2118-06-14T00:02:03Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}]}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1321']
- content-type: [application/json; charset=utf-8]
- date: ['Thu, 14 Jun 2018 00:02:34 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition show]
- Connection: [keep-alive]
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
- response:
- body: {string: '{"properties":{"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/3B796_89EC4D1DDCC74A3FA7010A5D074C8505_B2477AAD6D42A4A975B025755F9357927600CA38/applicationResourceTemplate.json?sv=2017-04-17&sr=b&sig=BpL1G%2BjiQwEKt6c1uCJHTk2hzEaEbc9R3a3uGmrlsVc%3D&se=2118-06-14T00:02:03Z&sp=r"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'}
- headers:
- cache-control: [no-cache]
- content-length: ['1309']
- content-type: [application/json; charset=utf-8]
- date: ['Thu, 14 Jun 2018 00:02:35 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- transfer-encoding: [chunked]
- vary: ['Accept-Encoding,Accept-Encoding']
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition delete]
- Connection: [keep-alive]
- Content-Length: ['0']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2017-09-01
- response:
- body: {string: ''}
- headers:
- cache-control: [no-cache]
- content-length: ['0']
- date: ['Thu, 14 Jun 2018 00:02:37 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-deletes: ['14999']
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [managedapp definition list]
- Connection: [keep-alive]
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2017-09-01
- response:
- body: {string: '{"value":[]}'}
- headers:
- cache-control: [no-cache]
- content-length: ['12']
- content-type: [application/json; charset=utf-8]
- date: ['Thu, 14 Jun 2018 00:02:38 GMT']
- expires: ['-1']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- vary: [Accept-Encoding]
- x-content-type-options: [nosniff]
- status: {code: 200, message: OK}
-- request:
- body: null
- headers:
- Accept: [application/json]
- Accept-Encoding: ['gzip, deflate']
- CommandName: [group delete]
- Connection: [keep-alive]
- Content-Length: ['0']
- Content-Type: [application/json; charset=utf-8]
- User-Agent: [python/3.6.5 (Windows-10-10.0.16299-SP0) requests/2.18.4 msrest/0.4.29
- msrest_azure/0.4.31 resourcemanagementclient/2.0.0rc2 Azure-SDK-For-Python
- AZURECLI/2.0.34]
- accept-language: [en-US]
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
+ response:
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_2B8A5BECBA2839EDCF1DFAE35AC07F1F76111FD3/a4feab31bef444349a9696c2f80beefe/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:57 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1198'
+ status:
+ code: 201
+ message: Created
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition create
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n --create-ui-definition --main-template --display-name --description -l
+ -a --lock-level -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
+ response:
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_2B8A5BECBA2839EDCF1DFAE35AC07F1F76111FD3/a4feab31bef444349a9696c2f80beefe/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:13:29 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition list
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2018-06-01
+ response:
+ body:
+ string: '{"value":[{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_2B8A5BECBA2839EDCF1DFAE35AC07F1F76111FD3/a4feab31bef444349a9696c2f80beefe/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}]}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1623'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:13:30 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - --ids
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
+ response:
+ body:
+ string: '{"properties":{"authorizations":[{"principalId":"5e91139a-c94b-462e-a6ff-1ee95e8aac07","roleDefinitionId":"8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}],"isEnabled":true,"lockLevel":"None","displayName":"test_appdef000003","description":"test_appdef_123","artifacts":[{"name":"ApplicationResourceTemplate","type":"Template","uri":"https://prdsapplianceprodbl01.blob.core.windows.net/applicationdefinitions/92ACA_F67CC918F64F4C3FAA24A855465F9D41_2B8A5BECBA2839EDCF1DFAE35AC07F1F76111FD3/a4feab31bef444349a9696c2f80beefe/applicationResourceTemplate.json"},{"name":"CreateUiDefinition","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/CreateUiDefinition?api-version=2017-09-01"},{"name":"MainTemplateParameters","type":"Custom","uri":"https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002/applicationArtifacts/MainTemplateParameters?api-version=2017-09-01"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002","name":"testappdefname000002","type":"Microsoft.Solutions/applicationDefinitions","location":"eastus"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1611'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:13:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition delete
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '0'
+ ParameterSetName:
+ - -g -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001?api-version=2019-07-01
- response:
- body: {string: ''}
- headers:
- cache-control: [no-cache]
- content-length: ['0']
- date: ['Thu, 14 Jun 2018 00:02:37 GMT']
- expires: ['-1']
- location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTElURVNUOjJFUkdJM0xTTTdFRE1NRVhVTjRCN1AzT0ZSNFlaSlFFVldFSTMyR3w1MTk2NEZGRjg0M0U2OTAzLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2019-07-01']
- pragma: [no-cache]
- strict-transport-security: [max-age=31536000; includeSubDomains]
- x-content-type-options: [nosniff]
- x-ms-ratelimit-remaining-subscription-deletes: ['14999']
- status: {code: 202, message: Accepted}
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions/testappdefname000002?api-version=2018-06-01
+ response:
+ body:
+ string: ''
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '0'
+ date:
+ - Fri, 06 Dec 2019 22:13:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-deletes:
+ - '14999'
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - managedapp definition list
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -g
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/2017-09-01 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.Solutions/applicationDefinitions?api-version=2018-06-01
+ response:
+ body:
+ string: '{"value":[]}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '12'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:13:35 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
version: 1
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml
index e7aec05b988..6993e49e731 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml
@@ -4,9 +4,8 @@ interactions:
"description": "desc_for_test_policy_123", "policyRule": {"if": {"not": {"field":
"location", "in": "[parameters(''allowedLocations'')]"}}, "then": {"effect":
"deny"}}, "metadata": {"category": "test"}, "parameters": {"allowedLocations":
- {"type": "array", "metadata": {"description": "The list of locations that can
- be specified when deploying resources", "strongType": "location", "displayName":
- "Allowed locations"}}}}}'
+ {"type": "array", "metadata": {"displayName": "Allowed locations", "description":
+ "The list of locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
@@ -17,32 +16,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '493'
+ - '467'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --params --display-name --description --mode --metadata
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '846'
+ - '822'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:13 GMT
+ - Fri, 06 Dec 2019 21:50:42 GMT
expires:
- '-1'
pragma:
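Review bot: The re-recorded response body in this hunk keeps `"createdBy":"7140c269-e408-47a5-a626-a1d836b96883"`, which looks like the directory object id of the account that made the recording, while the subscription id in the same URI is replaced with zeros. If that id belongs to a real principal, it should be scrubbed at recording time so the cassette carries a placeholder such as `"createdBy":"00000000-0000-0000-0000-000000000000"`. The same value recurs in the GET response of the next hunk. Since the recording is generated, the change would belong in the test framework's recording scrubbers rather than in a hand edit of this file, provided no test asserts on the field.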
@@ -52,7 +51,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1198'
+ - '1199'
status:
code: 201
message: Created
@@ -70,26 +69,26 @@ interactions:
ParameterSetName:
- -n --description --display-name --metadata
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '846'
+ - '822'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:15 GMT
+ - Fri, 06 Dec 2019 21:50:43 GMT
expires:
- '-1'
pragma:
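Review bot: The re-recorded response body on the added `string:` line of this hunk keeps `"createdBy":"7140c269-e408-47a5-a626-a1d836b96883"` verbatim, while the subscription ID in the same body is masked as `00000000-0000-0000-0000-000000000000`. That GUID is presumably the directory object ID of the account that made the recording, so it should be masked the same way before the cassette is committed, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"`. The same value appears as `createdBy` and `updatedBy` in the hunks at `@@ -122,32 +121,32 @@`, `@@ -175,26 +174,26 @@` and `@@ -232,15 +231,15 @@`, and in the hunk just before this one. The recorded interaction this hunk belongs to starts and ends outside the hunk.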
@@ -110,8 +109,8 @@ interactions:
"desc_for_test_policy_123_new", "policyRule": {"if": {"not": {"field": "location",
"in": "[parameters(''allowedLocations'')]"}}, "then": {"effect": "deny"}}, "metadata":
{"category": "test2"}, "parameters": {"allowedLocations": {"type": "Array",
- "metadata": {"description": "The list of locations that can be specified when
- deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}'
+ "metadata": {"displayName": "Allowed locations", "description": "The list of
+ locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
@@ -122,32 +121,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '483'
+ - '457'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --description --display-name --metadata
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:15.8631375Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:44.5717058Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '915'
+ - '891'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:15 GMT
+ - Fri, 06 Dec 2019 21:50:44 GMT
expires:
- '-1'
pragma:
@@ -157,7 +156,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1194'
+ - '1199'
status:
code: 201
message: Created
@@ -175,26 +174,26 @@ interactions:
ParameterSetName:
- -n --description --display-name --metadata --params --rules
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:15.8631375Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:44.5717058Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '915'
+ - '891'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:16 GMT
+ - Fri, 06 Dec 2019 21:50:45 GMT
expires:
- '-1'
pragma:
@@ -232,15 +231,15 @@ interactions:
ParameterSetName:
- -n --description --display-name --metadata --params --rules
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:17.1140659Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:46.7696393Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
@@ -250,7 +249,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:16 GMT
+ - Fri, 06 Dec 2019 21:50:46 GMT
expires:
- '-1'
pragma:
@@ -260,7 +259,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1195'
+ - '1199'
status:
code: 201
message: Created
@@ -276,23 +275,52 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -300,12 +328,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -318,7 +402,10 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Vulnerability
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
Assessment settings for SQL server should contain an email address to receive
scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send scan reports to'' field in
@@ -331,12 +418,44 @@ interactions:
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -355,12 +474,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -369,11 +506,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -386,13 +562,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -401,19 +590,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -423,7 +644,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -444,10 +700,27 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Custom
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -455,7 +728,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -466,7 +748,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -486,7 +771,26 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -506,7 +810,15 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -514,24 +826,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -546,7 +904,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -554,19 +921,42 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
@@ -577,7 +967,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -602,24 +1007,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -632,7 +1060,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -647,37 +1077,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Service
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Service Bus not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -689,7 +1181,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -707,14 +1217,57 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"App
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any App Service not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -728,7 +1281,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -758,7 +1339,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -766,7 +1354,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -785,35 +1379,59 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -821,31 +1439,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -894,7 +1532,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -905,33 +1546,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -961,7 +1655,32 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -978,22 +1697,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1023,11 +1763,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -1051,7 +1821,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1073,13 +1856,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -1088,7 +1914,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -1097,12 +1930,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1118,7 +1990,13 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
@@ -1128,7 +2006,36 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -1149,19 +2056,90 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1178,7 +2156,17 @@ interactions:
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
custom IPsec/IKE policy must be applied to all Azure virtual network gateway
connections","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that all Azure virtual network gateway connections use a custom Internet
@@ -1190,37 +2178,146 @@ interactions:
Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
- Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Connection
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1248,7 +2345,10 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1264,16 +2364,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -1285,7 +2407,13 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
@@ -1303,7 +2431,11 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1315,7 +2447,10 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1341,19 +2476,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1361,7 +2564,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1378,16 +2598,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1406,7 +2648,35 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1433,29 +2703,108 @@ interactions:
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1463,7 +2812,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -1575,14 +2936,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -1597,7 +2980,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1605,13 +3009,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
the specified tag and value when any resource group missing this tag is created
@@ -1620,17 +3024,60 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Allowed
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -1644,12 +3091,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -1672,7 +3170,28 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1681,20 +3200,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1703,14 +3248,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1721,13 +3276,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -1828,7 +3398,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -1840,7 +3438,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1858,11 +3497,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1870,7 +3537,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -1890,15 +3568,37 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1912,19 +3612,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1953,7 +3694,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1961,14 +3717,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2101,7 +3860,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2123,19 +3885,40 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2163,19 +3946,53 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2183,7 +4000,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2208,7 +4029,13 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
@@ -2238,7 +4065,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -2255,21 +4108,84 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
@@ -2278,13 +4194,25 @@ interactions:
of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2292,14 +4220,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -2312,20 +4248,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -2334,7 +4322,10 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
@@ -2345,21 +4336,49 @@ interactions:
Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux virtual machines if the Log Analytics agent
is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"DDoS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2372,22 +4391,60 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
@@ -2396,18 +4453,38 @@ interactions:
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"SQL
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any SQL Server not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2417,22 +4494,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -2440,7 +4545,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -2467,14 +4578,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -2483,7 +4609,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2491,20 +4620,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2534,7 +4677,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2542,7 +4715,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2591,7 +4780,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2599,7 +4795,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -2624,7 +4829,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2645,7 +4881,41 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"[Deprecated]:
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
@@ -2667,7 +4937,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -2742,7 +5014,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -2754,6 +5043,13 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
@@ -2762,7 +5058,22 @@ interactions:
Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Container Registry not configured to use a virtual network
service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2803,19 +5114,60 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2823,7 +5175,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -2844,13 +5199,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -2872,11 +5227,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2895,7 +5269,10 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Inherit
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
or replaces the specified tag and value from the parent resource group when
any resource is created or updated. Existing resources can be remediated by
@@ -2904,13 +5281,19 @@ interactions:
parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2921,14 +5304,37 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Add
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
or replaces the specified tag and value when any resource group is created
or updated. Existing resource groups can be remediated by triggering a remediation
@@ -2944,11 +5350,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -2958,30 +5383,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Virtual
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual machine connected to a virtual network that is not
approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
- network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Event
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Event Hub not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2993,7 +5515,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3018,13 +5556,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Cosmos DB not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3042,11 +5593,36 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -3054,7 +5630,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Azure
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
@@ -3105,7 +5690,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3137,14 +5728,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3164,29 +5777,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -3194,16 +5827,52 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Inherit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
the specified tag with its value from the parent resource group when any resource
missing this tag is created or updated. Existing resources can be remediated
@@ -3215,7 +5884,24 @@ interactions:
Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Key Vault not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Log
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without log_checkpoints
setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -3245,13 +5931,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -3263,7 +5949,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -3279,16 +5971,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"The
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -3307,7 +6061,16 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual network if the default route does not point to the
specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -3322,13 +6085,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -3340,7 +6103,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3356,7 +6136,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -3373,7 +6156,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3408,7 +6193,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3444,13 +6235,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3458,11 +6278,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3487,20 +6316,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3508,7 +6386,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -3518,8 +6424,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3527,8 +6445,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3536,8 +6471,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3546,14 +6493,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3563,112 +6530,134 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"test_policy3ulbefgq5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy5rxcsbgyu","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy5rxcsbgyu"},{"properties":{"displayName":"test_policyvrud2j572","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy6rmvrx2ug","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy6rmvrx2ug"},{"properties":{"displayName":"test_policyeezgnn3tf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy72fpbk6om","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy72fpbk6om"},{"properties":{"displayName":"test_policylzld56g3c","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy75lhjp2qz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy75lhjp2qz"},{"properties":{"displayName":"test_policy4leaozaze","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyafjaspbln","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyafjaspbln"},{"properties":{"displayName":"test_policytz5xijuco","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","displayName":"Allowed
- locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyaip6dvuui","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyaip6dvuui"},{"properties":{"displayName":"test_policyk2ipvteje","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policycc24wg2ai","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policycc24wg2ai"},{"properties":{"displayName":"test_policynek2j6dvx","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyebyt2or2s","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyebyt2or2s"},{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:17.1140659Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"},{"properties":{"displayName":"test_policyo57mbgttt","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyf4gvztvgz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyf4gvztvgz"},{"properties":{"displayName":"test_policyry7ktdqpn","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyfneqctrjx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyfneqctrjx"},{"properties":{"displayName":"test_policypq5w4fcp5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhavmopeay","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhavmopeay"},{"properties":{"displayName":"test_policyzhxn622hb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhb6kmyq63","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhb6kmyq63"},{"properties":{"displayName":"test_policyzbi2xb6y7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyismcbfzwf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyismcbfzwf"},{"properties":{"displayName":"test_policyyulsilxiw","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjp2hqpyxg","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyjp2hqpyxg"},{"properties":{"displayName":"test_policykr5rg52qb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-20T07:02:32.8430887Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyko7fuaryl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyko7fuaryl"},{"properties":{"displayName":"test_policym7v6bzkep","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyl5e3igsku","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyl5e3igsku"},{"properties":{"displayName":"test_policyr5ivz4uoy","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policylw4dif6k4","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policylw4dif6k4"},{"properties":{"displayName":"test_policyp2yhkolhg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymxx4vzibo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policymxx4vzibo"},{"properties":{"displayName":"test_policyt252aa3in","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyose3kehj3","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyose3kehj3"},{"properties":{"displayName":"test_policyg5g7wrd63","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyqcexugiyb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyqcexugiyb"},{"properties":{"displayName":"test_policyfn5bvohrv","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-15T07:02:13.594025Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyr45j67nyp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyr45j67nyp"},{"properties":{"displayName":"test_policy5u5ook2zf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrs5zxfokx"},{"properties":{"displayName":"test_policyepxuvmnrs","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrtseayuym","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrtseayuym"},{"properties":{"displayName":"test_policyeglfwi2os","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrzih7n7ws","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrzih7n7ws"},{"properties":{"displayName":"test_policyrjb7ausww","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-26T07:06:57.89264Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysh2ld2fbf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policysh2ld2fbf"},{"properties":{"displayName":"test_policyeop2lxcb7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytaxuus2zo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytaxuus2zo"},{"properties":{"displayName":"test_policymichd2ukj","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytrkoh7vio","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytrkoh7vio"},{"properties":{"displayName":"test_policymhqqjyizg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyunv6j3gfp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyunv6j3gfp"},{"properties":{"displayName":"test_policyf2qzg3ba4","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","displayName":"Allowed
- locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv3qavzpbx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv3qavzpbx"},{"properties":{"displayName":"test_policy5koxubsg5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv53qgvql6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv53qgvql6"},{"properties":{"displayName":"test_policy7t2i6ysv7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyvpb2ircbl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyvpb2ircbl"},{"properties":{"displayName":"test_policyn67yt2fld_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-06-11T06:51:10.2516Z","updatedBy":"93a01e49-673a-4e15-8230-51214a737962","updatedOn":"2019-06-11T06:51:13.9885473Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyx5j3fsjzb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyx5j3fsjzb"},{"properties":{"displayName":"test_policyif4bjggk7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyyuuoin4oc","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyyuuoin4oc"},{"properties":{"displayName":"test_policyvy7eweevk","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-19T07:01:55.8648869Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyzyhzyddss","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyzyhzyddss"},{"properties":{"policyType":"Custom","mode":"Indexed","description":"Deny
- cool access tiering for storage","metadata":{"createdBy":"89ed5be8-ff97-41b5-ab11-055e1e3cc34b","createdOn":"2019-03-09T04:29:39.8836867Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"kind","equals":"BlobStorage"},{"not":{"field":"Microsoft.Storage/storageAccounts/accessTier","equals":"cool"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/denyCoolTiering","type":"Microsoft.Authorization/policyDefinitions","name":"denyCoolTiering"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:46.7696393Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
+ def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
+ mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
+ mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
+ mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '934527'
+ - '1645041'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:17 GMT
+ - Fri, 06 Dec 2019 21:50:48 GMT
expires:
- '-1'
pragma:
@@ -3698,15 +6687,15 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:17.1140659Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:46.7696393Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
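Review bot: The re-recorded response body on the added `string:` line still carries the recording account's principal object ID in `createdBy` and `updatedBy`, while the subscription ID in the same body is zeroed out. The scrubbing applied when recording appears to cover only the subscription ID. The same values recur in the next GET interaction. The list response recorded just above also carries `createdBy` IDs, user aliases in display names and a management group name, all from definitions unrelated to this test. I would replace these fields before committing, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"` and the same for `updatedBy`. Better still, record against a subscription that holds only the test's own policy definitions, so unrelated tenant metadata never enters the cassette.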
@@ -3716,7 +6705,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:20 GMT
+ - Fri, 06 Dec 2019 21:50:50 GMT
expires:
- '-1'
pragma:
@@ -3746,15 +6735,15 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g --params
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:17.1140659Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:46.7696393Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
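Review bot: The re-recorded response body in this hunk stores `createdBy` and `updatedBy` as the GUID `7140c269-e408-47a5-a626-a1d836b96883` verbatim, while the subscription id in the same string is already replaced with the all-zero placeholder. Judging by the field names, that value is probably the directory object id of the account that recorded the test, so it should be scrubbed the same way before the cassette is committed, e.g. recording `"createdBy":"00000000-0000-0000-0000-000000000000"`. A same-length placeholder keeps the recorded `content-length` values valid. The same value recurs in the policy hunks at `@@ -3802,15 +6791,15 @@`, `@@ -4084,15 +7073,15 @@`, `@@ -4141,24 +7130,24 @@`, `@@ -4285,15 +7274,15 @@` and `@@ -4332,15 +7321,15 @@`.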
@@ -3764,7 +6753,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:20 GMT
+ - Fri, 06 Dec 2019 21:50:51 GMT
expires:
- '-1'
pragma:
@@ -3802,15 +6791,15 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g --params
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:21.0692791Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:52.4839151Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}'
headers:
cache-control:
- no-cache
@@ -3819,7 +6808,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:20 GMT
+ - Fri, 06 Dec 2019 21:50:52 GMT
expires:
- '-1'
pragma:
@@ -3829,7 +6818,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1197'
+ - '1199'
status:
code: 201
message: Created
@@ -3847,15 +6836,15 @@ interactions:
ParameterSetName:
- -g -n --subnet-name
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy000001?api-version=2019-07-01
response:
body:
- string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","name":"cli_test_policy000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2019-10-21T05:18:09Z"},"properties":{"provisioningState":"Succeeded"}}'
+ string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","name":"cli_test_policy000001","type":"Microsoft.Resources/resourceGroups","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2019-12-06T21:50:40Z"},"properties":{"provisioningState":"Succeeded"}}'
headers:
cache-control:
- no-cache
@@ -3864,7 +6853,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:21 GMT
+ - Fri, 06 Dec 2019 21:50:53 GMT
expires:
- '-1'
pragma:
@@ -3898,8 +6887,8 @@ interactions:
ParameterSetName:
- -g -n --subnet-name
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-network/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-network/7.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
@@ -3908,15 +6897,15 @@ interactions:
body:
string: "{\r\n \"name\": \"azurecli-test-policy-vnet000006\",\r\n \"id\":
\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006\",\r\n
- \ \"etag\": \"W/\\\"943929ed-cb71-4018-9754-cfa6a9525b8d\\\"\",\r\n \"type\":
+ \ \"etag\": \"W/\\\"23cd4fd6-8437-4ba7-b785-25d9a65da1b0\\\"\",\r\n \"type\":
\"Microsoft.Network/virtualNetworks\",\r\n \"location\": \"westus\",\r\n
\ \"tags\": {},\r\n \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n
- \ \"resourceGuid\": \"dc5d3477-1d7b-41fb-8632-28630c6245b3\",\r\n \"addressSpace\":
+ \ \"resourceGuid\": \"677fe7c1-96f3-4c9c-8dc9-9e2f99b0bf3e\",\r\n \"addressSpace\":
{\r\n \"addressPrefixes\": [\r\n \"10.0.0.0/16\"\r\n ]\r\n
\ },\r\n \"dhcpOptions\": {\r\n \"dnsServers\": []\r\n },\r\n
\ \"subnets\": [\r\n {\r\n \"name\": \"azurecli-test-policy-subnet000007\",\r\n
\ \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006/subnets/azurecli-test-policy-subnet000007\",\r\n
- \ \"etag\": \"W/\\\"943929ed-cb71-4018-9754-cfa6a9525b8d\\\"\",\r\n
+ \ \"etag\": \"W/\\\"23cd4fd6-8437-4ba7-b785-25d9a65da1b0\\\"\",\r\n
\ \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n
\ \"addressPrefix\": \"10.0.0.0/24\",\r\n \"delegations\":
[],\r\n \"privateEndpointNetworkPolicies\": \"Enabled\",\r\n \"privateLinkServiceNetworkPolicies\":
@@ -3925,7 +6914,7 @@ interactions:
false,\r\n \"enableVmProtection\": false\r\n }\r\n}"
headers:
azure-asyncoperation:
- - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/58d587d0-fe52-4a7e-9e54-b080d7a0e866?api-version=2019-09-01
+ - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/c54a9a3f-1d3f-4e71-949b-8f9fa1c609bb?api-version=2019-09-01
cache-control:
- no-cache
content-length:
@@ -3933,7 +6922,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:25 GMT
+ - Fri, 06 Dec 2019 21:50:55 GMT
expires:
- '-1'
pragma:
@@ -3946,9 +6935,9 @@ interactions:
x-content-type-options:
- nosniff
x-ms-arm-service-request-id:
- - 741c5210-c3de-4084-a21d-f649101500b8
+ - d4cd88db-2025-4d10-b8fa-e495a9bb3dbc
x-ms-ratelimit-remaining-subscription-writes:
- - '1194'
+ - '1199'
status:
code: 201
message: Created
@@ -3966,10 +6955,10 @@ interactions:
ParameterSetName:
- -g -n --subnet-name
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-network/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-network/7.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/58d587d0-fe52-4a7e-9e54-b080d7a0e866?api-version=2019-09-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/c54a9a3f-1d3f-4e71-949b-8f9fa1c609bb?api-version=2019-09-01
response:
body:
string: "{\r\n \"status\": \"Succeeded\"\r\n}"
@@ -3981,7 +6970,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:29 GMT
+ - Fri, 06 Dec 2019 21:50:59 GMT
expires:
- '-1'
pragma:
@@ -3998,7 +6987,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-arm-service-request-id:
- - 8342c429-afd5-4015-b6e1-7edf65325524
+ - c28cbe89-8823-44d2-8af3-91eb97d84b28
status:
code: 200
message: OK
@@ -4016,23 +7005,23 @@ interactions:
ParameterSetName:
- -g -n --subnet-name
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-network/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-network/7.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006?api-version=2019-09-01
response:
body:
string: "{\r\n \"name\": \"azurecli-test-policy-vnet000006\",\r\n \"id\":
\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006\",\r\n
- \ \"etag\": \"W/\\\"5862feb2-12e8-45e9-82b6-6c5b078d5676\\\"\",\r\n \"type\":
+ \ \"etag\": \"W/\\\"211e6f23-e8cd-4c2f-863f-919551e45a09\\\"\",\r\n \"type\":
\"Microsoft.Network/virtualNetworks\",\r\n \"location\": \"westus\",\r\n
\ \"tags\": {},\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n
- \ \"resourceGuid\": \"dc5d3477-1d7b-41fb-8632-28630c6245b3\",\r\n \"addressSpace\":
+ \ \"resourceGuid\": \"677fe7c1-96f3-4c9c-8dc9-9e2f99b0bf3e\",\r\n \"addressSpace\":
{\r\n \"addressPrefixes\": [\r\n \"10.0.0.0/16\"\r\n ]\r\n
\ },\r\n \"dhcpOptions\": {\r\n \"dnsServers\": []\r\n },\r\n
\ \"subnets\": [\r\n {\r\n \"name\": \"azurecli-test-policy-subnet000007\",\r\n
\ \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006/subnets/azurecli-test-policy-subnet000007\",\r\n
- \ \"etag\": \"W/\\\"5862feb2-12e8-45e9-82b6-6c5b078d5676\\\"\",\r\n
+ \ \"etag\": \"W/\\\"211e6f23-e8cd-4c2f-863f-919551e45a09\\\"\",\r\n
\ \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n
\ \"addressPrefix\": \"10.0.0.0/24\",\r\n \"delegations\":
[],\r\n \"privateEndpointNetworkPolicies\": \"Enabled\",\r\n \"privateLinkServiceNetworkPolicies\":
@@ -4047,9 +7036,9 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:29 GMT
+ - Fri, 06 Dec 2019 21:50:59 GMT
etag:
- - W/"5862feb2-12e8-45e9-82b6-6c5b078d5676"
+ - W/"211e6f23-e8cd-4c2f-863f-919551e45a09"
expires:
- '-1'
pragma:
@@ -4066,7 +7055,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-arm-service-request-id:
- - e607eb1b-7b00-4bae-a573-6a7731a05ae5
+ - 86f0477b-46b1-4783-80f5-749070928cac
status:
code: 200
message: OK
@@ -4084,15 +7073,15 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g --not-scopes --params --sku
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:17.1140659Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:46.7696393Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
@@ -4102,7 +7091,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:30 GMT
+ - Fri, 06 Dec 2019 21:51:00 GMT
expires:
- '-1'
pragma:
@@ -4141,24 +7130,24 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g --not-scopes --params --sku
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:21.0692791Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:31.706758Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}'
+ string: '{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:52.4839151Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:01.5166054Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}'
headers:
cache-control:
- no-cache
content-length:
- - '1269'
+ - '1270'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:31 GMT
+ - Fri, 06 Dec 2019 21:51:01 GMT
expires:
- '-1'
pragma:
@@ -4168,7 +7157,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1190'
+ - '1199'
status:
code: 201
message: Created
@@ -4186,12 +7175,12 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -4204,7 +7193,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:31 GMT
+ - Fri, 06 Dec 2019 21:51:02 GMT
expires:
- '-1'
pragma:
@@ -4230,12 +7219,12 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
@@ -4248,7 +7237,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:31 GMT
+ - Fri, 06 Dec 2019 21:51:03 GMT
expires:
- '-1'
pragma:
@@ -4285,15 +7274,15 @@ interactions:
ParameterSetName:
- --policy -n --display-name -g
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:32.9930901Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment2000008"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:04.4471958Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment2000008"}'
headers:
cache-control:
- no-cache
@@ -4302,7 +7291,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:32 GMT
+ - Fri, 06 Dec 2019 21:51:04 GMT
expires:
- '-1'
pragma:
@@ -4312,7 +7301,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1193'
+ - '1199'
status:
code: 201
message: Created
@@ -4332,15 +7321,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:32.9930901Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment2000008"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:04.4471958Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment2000008"}'
headers:
cache-control:
- no-cache
@@ -4349,7 +7338,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:33 GMT
+ - Fri, 06 Dec 2019 21:51:05 GMT
expires:
- '-1'
pragma:
@@ -4363,7 +7352,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-deletes:
- - '14998'
+ - '14999'
status:
code: 200
message: OK
@@ -4379,29 +7368,46 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 0b1f6471-1bf0-4dda-aec3-cb9272f09590)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWith
ReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This
- policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security
- Center"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:21.0692791Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:31.706758Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed
- virtual machine SKUs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest","notScopes":[],"parameters":{"listOfAllowedSKUs":{"value":["Basic_A0"]}},"metadata":{"assignedBy":"fey@microsoft.com
- ","parameterScopes":{"listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest"},"createdBy":"0a592c45-613e-4f1b-9023-7c4414fd53bf","createdOn":"2019-09-02T03:19:47.0995882Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest/providers/Microsoft.Authorization/policyAssignments/9c95e7fe8227466b82f48228","type":"Microsoft.Authorization/policyAssignments","name":"9c95e7fe8227466b82f48228"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:52.4839151Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:01.5166054Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000
-0000-000000000000/resourceGroups/cli_test_policy_identity557xn6apwfdy5zpi4e6uaijd2usuq6twmbqwcylkbr6okqpoz3k","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:58.4925025Z"},"enforcementMode":"Default"},"identity":{"principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity557xn6apwfdy5zpi4e6uaijd2usuq6twmbqwcylkbr6okqpoz3k/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignmentjrdjsk2k4","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignmentjrdjsk2k4","location":"westus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '6178'
+ - '12953'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:34 GMT
+ - Fri, 06 Dec 2019 21:51:05 GMT
expires:
- '-1'
pragma:
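Review bot: The new `+ string:` body recorded for the subscription-wide `policyAssignments` GET in this hunk commits identifying data that the subscription-id scrubbing did not replace: `assignedBy` display names of individuals, `createdBy`/`updatedBy` and `identity.principalId` object ids, a real-looking `tenantId`, and a management-group name, all belonging to assignments unrelated to the test. Only the subscription id is zeroed, so the cassette publishes directory identifiers that are useful for reconnaissance against the recording tenant. I would re-record against a subscription that holds only the test's own assignments, or replace these values with fixed placeholders in the recording step before the file is written, e.g. `"tenantId":"00000000-0000-0000-0000-000000000000"` and `"assignedBy":"<scrubbed>"`. The same body is recorded again in the following hunk (`@@ -4431,29 +7437,46 @@`), which runs past the visible lines. The `content-length` jump from `'6178'` to `'12953'` also suggests the recording depends on whatever assignments exist in the subscription at record time, so each re-record is likely to pull in new third-party data.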
@@ -4431,29 +7437,46 @@ interactions:
ParameterSetName:
- --disable-scope-strict-match
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 0b1f6471-1bf0-4dda-aec3-cb9272f09590)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWith
ReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This
- policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security
- Center"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:21.0692791Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:31.706758Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed
- virtual machine SKUs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest","notScopes":[],"parameters":{"listOfAllowedSKUs":{"value":["Basic_A0"]}},"metadata":{"assignedBy":"fey@microsoft.com
- ","parameterScopes":{"listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest"},"createdBy":"0a592c45-613e-4f1b-9023-7c4414fd53bf","createdOn":"2019-09-02T03:19:47.0995882Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest/providers/Microsoft.Authorization/policyAssignments/9c95e7fe8227466b82f48228","type":"Microsoft.Authorization/policyAssignments","name":"9c95e7fe8227466b82f48228"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:52.4839151Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:01.5166054Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000
-0000-000000000000/resourceGroups/cli_test_policy_identity557xn6apwfdy5zpi4e6uaijd2usuq6twmbqwcylkbr6okqpoz3k","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:58.4925025Z"},"enforcementMode":"Default"},"identity":{"principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity557xn6apwfdy5zpi4e6uaijd2usuq6twmbqwcylkbr6okqpoz3k/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignmentjrdjsk2k4","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignmentjrdjsk2k4","location":"westus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '6178'
+ - '12953'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:35 GMT
+ - Fri, 06 Dec 2019 21:51:07 GMT
expires:
- '-1'
pragma:
@@ -4485,24 +7508,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:21.0692791Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:31.706758Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}'
+ string: '{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:52.4839151Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:01.5166054Z"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}'
headers:
cache-control:
- no-cache
content-length:
- - '1269'
+ - '1270'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:36 GMT
+ - Fri, 06 Dec 2019 21:51:08 GMT
expires:
- '-1'
pragma:
@@ -4516,7 +7539,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-deletes:
- - '14995'
+ - '14999'
status:
code: 200
message: OK
@@ -4534,29 +7557,46 @@ interactions:
ParameterSetName:
- --disable-scope-strict-match
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 0b1f6471-1bf0-4dda-aec3-cb9272f09590)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWith
ReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This
- policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security
- Center"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed
- virtual machine SKUs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest","notScopes":[],"parameters":{"listOfAllowedSKUs":{"value":["Basic_A0"]}},"metadata":{"assignedBy":"fey@microsoft.com
- ","parameterScopes":{"listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest"},"createdBy":"0a592c45-613e-4f1b-9023-7c4414fd53bf","createdOn":"2019-09-02T03:19:47.0995882Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest/providers/Microsoft.Authorization/policyAssignments/9c95e7fe8227466b82f48228","type":"Microsoft.Authorization/policyAssignments","name":"9c95e7fe8227466b82f48228"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity557xn6apwfdy5zpi4e6uaijd2usuq6twmbqwcylkbr6okqpoz3k","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:58.4925025Z"},"enforcementMode":"Default"},"identity":{"principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity557xn6apwfdy5zpi4e6uaijd2usuq6twmbqwcylkbr6okqpoz3k/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignmentjrdjsk2k4","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignmentjrdjsk2k4","location":"westus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '4908'
+ - '11682'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:38 GMT
+ - Fri, 06 Dec 2019 21:51:09 GMT
expires:
- '-1'
pragma:
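Review bot: The re-recorded `policyAssignments` list response in this hunk commits directory identifiers and personal names in clear: only the subscription id is replaced with zeros, while every `tenantId`, `principalId`, `createdBy`/`updatedBy` object id and `assignedBy` display name from the recording subscription is kept. The same body appears in the preceding hunk's list response. I would add a recording processor that replaces those fields with placeholders before the cassette is written, e.g. `"tenantId":"00000000-0000-0000-0000-000000000000"` and `"assignedBy":"<redacted>"`, and re-record. The list is taken at subscription scope, so it also captures assignments that look unrelated to this test (the `cli_test_policy_identity557xn…` resource group is not name-replaced); asserting only on the entries the test created, or filtering the recorded body down to them, would keep other users' data out of the cassette.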
@@ -4588,15 +7628,15 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:18:14.6339461Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:18:17.1140659Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:42.5142104Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:46.7696393Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
@@ -4606,7 +7646,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:39 GMT
+ - Fri, 06 Dec 2019 21:51:10 GMT
expires:
- '-1'
pragma:
@@ -4620,7 +7660,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-deletes:
- - '14996'
+ - '14999'
status:
code: 200
message: OK
@@ -4636,23 +7676,52 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4660,12 +7729,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -4678,7 +7803,10 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Vulnerability
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
Assessment settings for SQL server should contain an email address to receive
scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send scan reports to'' field in
@@ -4691,12 +7819,44 @@ interactions:
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -4715,12 +7875,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -4729,11 +7907,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -4746,13 +7963,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -4761,19 +7991,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -4783,7 +8045,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -4804,10 +8101,27 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Custom
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4815,7 +8129,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4826,7 +8149,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4846,7 +8172,26 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4866,7 +8211,15 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4874,24 +8227,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -4906,7 +8305,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -4914,19 +8322,42 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
@@ -4937,7 +8368,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4962,24 +8408,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4992,7 +8461,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -5007,37 +8478,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Service
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Service Bus not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -5049,7 +8582,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5067,14 +8618,57 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"App
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any App Service not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5088,7 +8682,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -5118,7 +8740,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -5126,7 +8755,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5145,35 +8780,59 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5181,31 +8840,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -5254,7 +8933,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5265,33 +8947,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -5321,7 +9056,32 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5338,22 +9098,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5383,11 +9164,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -5411,7 +9222,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5433,13 +9257,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -5448,7 +9315,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -5457,12 +9331,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5478,7 +9391,13 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
@@ -5488,7 +9407,36 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -5509,19 +9457,90 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5538,7 +9557,17 @@ interactions:
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
custom IPsec/IKE policy must be applied to all Azure virtual network gateway
connections","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that all Azure virtual network gateway connections use a custom Internet
@@ -5550,37 +9579,146 @@ interactions:
Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
- Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Connection
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5608,7 +9746,10 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5624,16 +9765,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -5645,7 +9808,13 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
@@ -5663,7 +9832,11 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5675,7 +9848,10 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5701,19 +9877,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5721,7 +9965,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5738,16 +9999,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5766,7 +10049,35 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5793,29 +10104,108 @@ interactions:
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5823,7 +10213,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -5935,14 +10337,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5957,7 +10381,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5965,13 +10410,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
the specified tag and value when any resource group missing this tag is created
@@ -5980,17 +10425,60 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Allowed
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -6004,12 +10492,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -6032,7 +10571,28 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6041,20 +10601,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6063,14 +10649,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6081,13 +10677,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -6188,7 +10799,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -6200,7 +10839,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6218,11 +10898,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6230,7 +10938,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -6250,15 +10969,37 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6272,19 +11013,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6313,7 +11095,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6321,14 +11118,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6461,7 +11261,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6483,19 +11286,40 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6523,19 +11347,53 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6543,7 +11401,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6568,7 +11430,13 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
@@ -6598,7 +11466,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -6615,21 +11509,84 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
@@ -6638,13 +11595,25 @@ interactions:
of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6652,14 +11621,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -6672,20 +11649,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -6694,7 +11723,10 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
@@ -6705,21 +11737,49 @@ interactions:
Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux virtual machines if the Log Analytics agent
is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"DDoS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6732,22 +11792,60 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
@@ -6756,18 +11854,38 @@ interactions:
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"SQL
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any SQL Server not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6777,22 +11895,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -6800,7 +11946,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -6827,14 +11979,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -6843,7 +12010,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6851,20 +12021,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6894,7 +12078,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6902,7 +12116,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6951,7 +12181,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6959,7 +12196,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -6984,7 +12230,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7005,7 +12282,41 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"[Deprecated]:
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
@@ -7027,7 +12338,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -7102,7 +12415,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -7114,6 +12444,13 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
@@ -7122,7 +12459,22 @@ interactions:
Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Container Registry not configured to use a virtual network
service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7163,19 +12515,60 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7183,7 +12576,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -7204,13 +12600,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -7232,11 +12628,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7255,7 +12670,10 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Inherit
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
or replaces the specified tag and value from the parent resource group when
any resource is created or updated. Existing resources can be remediated by
@@ -7264,13 +12682,19 @@ interactions:
parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7281,14 +12705,37 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Add
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
or replaces the specified tag and value when any resource group is created
or updated. Existing resource groups can be remediated by triggering a remediation
@@ -7304,11 +12751,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -7318,30 +12784,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Virtual
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual machine connected to a virtual network that is not
approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
- network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Event
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Event Hub not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7353,7 +12916,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7378,13 +12957,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Cosmos DB not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7402,11 +12994,36 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -7414,7 +13031,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Azure
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
@@ -7465,7 +13091,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7497,14 +13129,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7524,29 +13178,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -7554,16 +13228,52 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Inherit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
the specified tag with its value from the parent resource group when any resource
missing this tag is created or updated. Existing resources can be remediated
@@ -7575,7 +13285,24 @@ interactions:
Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Key Vault not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Log
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without log_checkpoints
setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7605,13 +13332,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -7623,7 +13350,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -7639,16 +13372,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"The
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -7667,7 +13462,16 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual network if the default route does not point to the
specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7682,13 +13486,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -7700,7 +13504,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7716,7 +13537,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -7733,7 +13557,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7768,7 +13594,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7804,13 +13636,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7818,11 +13679,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7847,20 +13717,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7868,7 +13787,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -7878,8 +13825,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7887,8 +13846,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7896,8 +13872,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7906,14 +13894,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7923,111 +13931,133 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"test_policy3ulbefgq5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy5rxcsbgyu","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy5rxcsbgyu"},{"properties":{"displayName":"test_policyvrud2j572","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy6rmvrx2ug","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy6rmvrx2ug"},{"properties":{"displayName":"test_policyeezgnn3tf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy72fpbk6om","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy72fpbk6om"},{"properties":{"displayName":"test_policylzld56g3c","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy75lhjp2qz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy75lhjp2qz"},{"properties":{"displayName":"test_policy4leaozaze","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyafjaspbln","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyafjaspbln"},{"properties":{"displayName":"test_policytz5xijuco","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","displayName":"Allowed
- locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyaip6dvuui","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyaip6dvuui"},{"properties":{"displayName":"test_policyk2ipvteje","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policycc24wg2ai","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policycc24wg2ai"},{"properties":{"displayName":"test_policynek2j6dvx","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyebyt2or2s","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyebyt2or2s"},{"properties":{"displayName":"test_policyo57mbgttt","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyf4gvztvgz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyf4gvztvgz"},{"properties":{"displayName":"test_policyry7ktdqpn","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyfneqctrjx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyfneqctrjx"},{"properties":{"displayName":"test_policypq5w4fcp5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhavmopeay","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhavmopeay"},{"properties":{"displayName":"test_policyzhxn622hb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhb6kmyq63","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhb6kmyq63"},{"properties":{"displayName":"test_policyzbi2xb6y7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyismcbfzwf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyismcbfzwf"},{"properties":{"displayName":"test_policyyulsilxiw","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjp2hqpyxg","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyjp2hqpyxg"},{"properties":{"displayName":"test_policykr5rg52qb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-20T07:02:32.8430887Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyko7fuaryl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyko7fuaryl"},{"properties":{"displayName":"test_policym7v6bzkep","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyl5e3igsku","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyl5e3igsku"},{"properties":{"displayName":"test_policyr5ivz4uoy","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policylw4dif6k4","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policylw4dif6k4"},{"properties":{"displayName":"test_policyp2yhkolhg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymxx4vzibo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policymxx4vzibo"},{"properties":{"displayName":"test_policyt252aa3in","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyose3kehj3","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyose3kehj3"},{"properties":{"displayName":"test_policyg5g7wrd63","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyqcexugiyb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyqcexugiyb"},{"properties":{"displayName":"test_policyfn5bvohrv","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-15T07:02:13.594025Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyr45j67nyp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyr45j67nyp"},{"properties":{"displayName":"test_policy5u5ook2zf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrs5zxfokx"},{"properties":{"displayName":"test_policyepxuvmnrs","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrtseayuym","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrtseayuym"},{"properties":{"displayName":"test_policyeglfwi2os","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrzih7n7ws","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrzih7n7ws"},{"properties":{"displayName":"test_policyrjb7ausww","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-26T07:06:57.89264Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysh2ld2fbf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policysh2ld2fbf"},{"properties":{"displayName":"test_policyeop2lxcb7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytaxuus2zo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytaxuus2zo"},{"properties":{"displayName":"test_policymichd2ukj","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytrkoh7vio","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytrkoh7vio"},{"properties":{"displayName":"test_policymhqqjyizg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyunv6j3gfp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyunv6j3gfp"},{"properties":{"displayName":"test_policyf2qzg3ba4","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","displayName":"Allowed
- locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv3qavzpbx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv3qavzpbx"},{"properties":{"displayName":"test_policy5koxubsg5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv53qgvql6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv53qgvql6"},{"properties":{"displayName":"test_policy7t2i6ysv7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyvpb2ircbl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyvpb2ircbl"},{"properties":{"displayName":"test_policyn67yt2fld_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-06-11T06:51:10.2516Z","updatedBy":"93a01e49-673a-4e15-8230-51214a737962","updatedOn":"2019-06-11T06:51:13.9885473Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyx5j3fsjzb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyx5j3fsjzb"},{"properties":{"displayName":"test_policyif4bjggk7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyyuuoin4oc","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyyuuoin4oc"},{"properties":{"displayName":"test_policyvy7eweevk","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"93a01e49-673a-4e15-8230-51214a737962","createdOn":"2019-02-19T07:01:55.8648869Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyzyhzyddss","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyzyhzyddss"},{"properties":{"policyType":"Custom","mode":"Indexed","description":"Deny
- cool access tiering for storage","metadata":{"createdBy":"89ed5be8-ff97-41b5-ab11-055e1e3cc34b","createdOn":"2019-03-09T04:29:39.8836867Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"kind","equals":"BlobStorage"},{"not":{"field":"Microsoft.Storage/storageAccounts/accessTier","equals":"cool"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/denyCoolTiering","type":"Microsoft.Authorization/policyDefinitions","name":"denyCoolTiering"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
+ def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
+ mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
+ mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
+ mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '933717'
+ - '1644231'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:49 GMT
+ - Fri, 06 Dec 2019 21:51:23 GMT
expires:
- '-1'
pragma:
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_identity.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_identity.yaml
index e128fa3b63d..7447b7ae5d9 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_identity.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_identity.yaml
@@ -13,12 +13,12 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --enforcement-mode
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -31,7 +31,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:21 GMT
+ - Fri, 06 Dec 2019 21:50:40 GMT
expires:
- '-1'
pragma:
@@ -57,12 +57,12 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --enforcement-mode
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
@@ -75,7 +75,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:21 GMT
+ - Fri, 06 Dec 2019 21:50:41 GMT
expires:
- '-1'
pragma:
@@ -112,15 +112,15 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --enforcement-mode
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4faba1e9-fd8e-4c77-a2f2-2102a2623099","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"a2efd621-c018-4232-a962-15ac91677fa6","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
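Review bot: The re-recorded PUT response on the added `string:` line still contains directory identifiers that playback does not need: the `tenantId`, the assignment's system-assigned `principalId`, and the recording account's `createdBy` object id, while only the subscription id is zeroed. These are not credentials, but they identify a real tenant and real principals in a public fixture, and they change on every re-record, which adds noise to the diff. I would have the recording sanitizer rewrite them the same way it rewrites the subscription, for example `"principalId":"00000000-0000-0000-0000-000000000000"` and likewise for `tenantId` and `createdBy`/`updatedBy`. That is safe only if the test asserts no more than the presence or shape of these fields, which should be confirmed. The GET response in the `@@ -157,15 +157,15 @@` hunk appears to repeat the same body, but its new side is outside this view.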
@@ -129,7 +129,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:24 GMT
+ - Fri, 06 Dec 2019 21:50:43 GMT
expires:
- '-1'
pragma:
@@ -139,7 +139,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
+ - '1198'
status:
code: 201
message: Created
@@ -157,15 +157,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4faba1e9-fd8e-4c77-a2f2-2102a2623099","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"a2efd621-c018-4232-a962-15ac91677fa6","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
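Review bot: The re-recorded `string:` response body in this hunk keeps the `createdBy`, `principalId` and `tenantId` GUIDs exactly as the service returned them, while the subscription id in the same body is already replaced by `00000000-0000-0000-0000-000000000000`. These values identify the recording account's user, the assignment's managed identity and its directory, and replay presumably does not need them to be real. I would have the recording sanitisation rewrite these three fields to a fixed placeholder, for example `"tenantId":"00000000-0000-0000-0000-000000000000"`, before the cassette is committed. The same unsanitised fields recur in the other response and request bodies in the later hunks of this file, and the interaction this hunk belongs to continues outside it.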
@@ -174,7 +174,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:24 GMT
+ - Fri, 06 Dec 2019 21:50:44 GMT
expires:
- '-1'
pragma:
@@ -204,15 +204,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4faba1e9-fd8e-4c77-a2f2-2102a2623099","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"a2efd621-c018-4232-a962-15ac91677fa6","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -221,7 +221,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:24 GMT
+ - Fri, 06 Dec 2019 21:50:45 GMT
expires:
- '-1'
pragma:
@@ -240,8 +240,8 @@ interactions:
- request:
body: 'b''{"properties": {"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001",
- "metadata": {"createdBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739", "createdOn":
- "2019-09-11T21:58:24.3085051Z", "updatedBy": null, "updatedOn": null}, "enforcementMode":
+ "metadata": {"createdBy": "7140c269-e408-47a5-a626-a1d836b96883", "createdOn":
+ "2019-12-06T21:50:43.6673632Z", "updatedBy": null, "updatedOn": null}, "enforcementMode":
"DoNotEnforce"}, "sku": {"name": "A0", "tier": "Free"}, "location": "westus",
"identity": {"type": "None"}}'''
headers:
@@ -260,15 +260,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:27.1879499Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:47.3764925Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -277,7 +277,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:26 GMT
+ - Fri, 06 Dec 2019 21:50:47 GMT
expires:
- '-1'
pragma:
@@ -287,7 +287,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1198'
+ - '1199'
status:
code: 201
message: Created
@@ -305,15 +305,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:27.1879499Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:47.3764925Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -322,7 +322,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:27 GMT
+ - Fri, 06 Dec 2019 21:50:48 GMT
expires:
- '-1'
pragma:
@@ -352,15 +352,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:27.1879499Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:47.3764925Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -369,7 +369,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:27 GMT
+ - Fri, 06 Dec 2019 21:50:49 GMT
expires:
- '-1'
pragma:
@@ -388,9 +388,9 @@ interactions:
- request:
body: 'b''{"properties": {"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001",
- "metadata": {"createdBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739", "createdOn":
- "2019-09-11T21:58:24.3085051Z", "updatedBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739",
- "updatedOn": "2019-09-11T21:58:27.1879499Z"}, "enforcementMode": "DoNotEnforce"},
+ "metadata": {"createdBy": "7140c269-e408-47a5-a626-a1d836b96883", "createdOn":
+ "2019-12-06T21:50:43.6673632Z", "updatedBy": "7140c269-e408-47a5-a626-a1d836b96883",
+ "updatedOn": "2019-12-06T21:50:47.3764925Z"}, "enforcementMode": "DoNotEnforce"},
"sku": {"name": "A0", "tier": "Free"}, "location": "westus", "identity": {"type":
"SystemAssigned"}}'''
headers:
@@ -409,15 +409,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:30.0061836Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f1a8f5f8-fb5a-4a6d-b60c-7d456b7713a4","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:51.4525135Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"a4929873-192d-49c4-8b84-e78e9c44381a","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -426,7 +426,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:30 GMT
+ - Fri, 06 Dec 2019 21:50:51 GMT
expires:
- '-1'
pragma:
@@ -454,15 +454,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:30.0061836Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f1a8f5f8-fb5a-4a6d-b60c-7d456b7713a4","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:51.4525135Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"a4929873-192d-49c4-8b84-e78e9c44381a","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -471,7 +471,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:30 GMT
+ - Fri, 06 Dec 2019 21:50:51 GMT
expires:
- '-1'
pragma:
@@ -501,15 +501,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:30.0061836Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f1a8f5f8-fb5a-4a6d-b60c-7d456b7713a4","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:51.4525135Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"a4929873-192d-49c4-8b84-e78e9c44381a","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -518,7 +518,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:30 GMT
+ - Fri, 06 Dec 2019 21:50:53 GMT
expires:
- '-1'
pragma:
@@ -537,9 +537,9 @@ interactions:
- request:
body: 'b''{"properties": {"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001",
- "metadata": {"createdBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739", "createdOn":
- "2019-09-11T21:58:24.3085051Z", "updatedBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739",
- "updatedOn": "2019-09-11T21:58:30.0061836Z"}, "enforcementMode": "DoNotEnforce"},
+ "metadata": {"createdBy": "7140c269-e408-47a5-a626-a1d836b96883", "createdOn":
+ "2019-12-06T21:50:43.6673632Z", "updatedBy": "7140c269-e408-47a5-a626-a1d836b96883",
+ "updatedOn": "2019-12-06T21:50:51.4525135Z"}, "enforcementMode": "DoNotEnforce"},
"sku": {"name": "A0", "tier": "Free"}, "location": "westus", "identity": {"type":
"None"}}'''
headers:
@@ -558,24 +558,24 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:32.779779Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:54.9066072Z"},"enforcementMode":"DoNotEnforce"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
content-length:
- - '940'
+ - '941'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:32 GMT
+ - Fri, 06 Dec 2019 21:50:54 GMT
expires:
- '-1'
pragma:
@@ -585,7 +585,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
+ - '1197'
status:
code: 201
message: Created
@@ -603,12 +603,12 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -621,7 +621,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:33 GMT
+ - Fri, 06 Dec 2019 21:50:55 GMT
expires:
- '-1'
pragma:
@@ -647,12 +647,12 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
@@ -665,7 +665,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:33 GMT
+ - Fri, 06 Dec 2019 21:50:55 GMT
expires:
- '-1'
pragma:
@@ -702,15 +702,15 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:35.4596324Z"},"enforcementMode":"Default"},"identity":{"principalId":"0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:58.4925025Z"},"enforcementMode":"Default"},"identity":{"principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
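Review bot: The re-recorded PUT response body in this hunk still carries real directory identifiers: the subscription id is masked to the all-zero GUID, but `tenantId`, the identity's `principalId` and the `createdBy`/`updatedBy` object ids are committed as recorded. The same values recur in later hunks of this cassette, in the roleAssignments request bodies, the `PrincipalNotFound` error strings and the role-assignment responses. Since this file is generated, the fix belongs in the recording's scrubbing step rather than in a hand edit: replace these fields with fixed placeholders the same way the subscription id is handled, e.g. `"tenantId":"00000000-0000-0000-0000-000000000000"`. Any test assertion that compares against the recorded principal id would then need to match the placeholder; whether one exists is not visible from this hunk.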
@@ -719,7 +719,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:35 GMT
+ - Fri, 06 Dec 2019 21:50:58 GMT
expires:
- '-1'
pragma:
@@ -729,7 +729,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1198'
+ - '1199'
status:
code: 201
message: Created
@@ -747,8 +747,8 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -765,13 +765,13 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:35 GMT
+ - Fri, 06 Dec 2019 21:50:58 GMT
expires:
- '-1'
pragma:
- no-cache
set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
+ - x-ms-gateway-slice=Production; path=/; SameSite=None; secure; HttpOnly
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
@@ -787,115 +787,7 @@ interactions:
message: OK
- request:
body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy assignment create
- Connection:
- - keep-alive
- Content-Length:
- - '233'
- Content-Type:
- - application/json; charset=utf-8
- ParameterSetName:
- - --policy -n -g --location --assign-identity --identity-scope --role
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
- response:
- body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
- does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '163'
- content-type:
- - application/json; charset=utf-8
- date:
- - Wed, 11 Sep 2019 21:58:35 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
- status:
- code: 400
- message: Bad Request
-- request:
- body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy assignment create
- Connection:
- - keep-alive
- Content-Length:
- - '233'
- Content-Type:
- - application/json; charset=utf-8
- Cookie:
- - x-ms-gateway-slice=Production
- ParameterSetName:
- - --policy -n -g --location --assign-identity --identity-scope --role
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
- response:
- body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
- does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '163'
- content-type:
- - application/json; charset=utf-8
- date:
- - Wed, 11 Sep 2019 21:58:41 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
- status:
- code: 400
- message: Bad Request
-- request:
- body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
+ "principalId": "dd1f4229-1d63-4f21-a902-d80d5c791f70"}}'
headers:
Accept:
- application/json
@@ -909,20 +801,18 @@ interactions:
- '233'
Content-Type:
- application/json; charset=utf-8
- Cookie:
- - x-ms-gateway-slice=Production
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
response:
body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
+ string: '{"error":{"code":"PrincipalNotFound","message":"Principal dd1f42291d634f21a902d80d5c791f70
does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
headers:
cache-control:
@@ -932,68 +822,13 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:47 GMT
+ - Fri, 06 Dec 2019 21:51:00 GMT
expires:
- '-1'
pragma:
- no-cache
set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-ratelimit-remaining-subscription-writes:
- - '1197'
- status:
- code: 400
- message: Bad Request
-- request:
- body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy assignment create
- Connection:
- - keep-alive
- Content-Length:
- - '233'
- Content-Type:
- - application/json; charset=utf-8
- Cookie:
- - x-ms-gateway-slice=Production
- ParameterSetName:
- - --policy -n -g --location --assign-identity --identity-scope --role
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
- response:
- body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
- does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '163'
- content-type:
- - application/json; charset=utf-8
- date:
- - Wed, 11 Sep 2019 21:58:52 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
+ - x-ms-gateway-slice=Production; path=/; SameSite=None; secure; HttpOnly
strict-transport-security:
- max-age=31536000; includeSubDomains
x-content-type-options:
@@ -1005,7 +840,7 @@ interactions:
message: Bad Request
- request:
body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
+ "principalId": "dd1f4229-1d63-4f21-a902-d80d5c791f70"}}'
headers:
Accept:
- application/json
@@ -1024,15 +859,15 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
response:
body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
+ string: '{"error":{"code":"PrincipalNotFound","message":"Principal dd1f42291d634f21a902d80d5c791f70
does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
headers:
cache-control:
@@ -1042,117 +877,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:58:57 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
- status:
- code: 400
- message: Bad Request
-- request:
- body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy assignment create
- Connection:
- - keep-alive
- Content-Length:
- - '233'
- Content-Type:
- - application/json; charset=utf-8
- Cookie:
- - x-ms-gateway-slice=Production
- ParameterSetName:
- - --policy -n -g --location --assign-identity --identity-scope --role
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
- response:
- body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
- does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '163'
- content-type:
- - application/json; charset=utf-8
- date:
- - Wed, 11 Sep 2019 21:59:03 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
- status:
- code: 400
- message: Bad Request
-- request:
- body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy assignment create
- Connection:
- - keep-alive
- Content-Length:
- - '233'
- Content-Type:
- - application/json; charset=utf-8
- Cookie:
- - x-ms-gateway-slice=Production
- ParameterSetName:
- - --policy -n -g --location --assign-identity --identity-scope --role
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
- response:
- body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 0b027d6bc21d4bb8b0d25b94b5c075d1
- does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '163'
- content-type:
- - application/json; charset=utf-8
- date:
- - Wed, 11 Sep 2019 21:59:09 GMT
+ - Fri, 06 Dec 2019 21:51:07 GMT
expires:
- '-1'
pragma:
@@ -1170,7 +895,7 @@ interactions:
message: Bad Request
- request:
body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"}}'
+ "principalId": "dd1f4229-1d63-4f21-a902-d80d5c791f70"}}'
headers:
Accept:
- application/json
@@ -1189,15 +914,15 @@ interactions:
ParameterSetName:
- --policy -n -g --location --assign-identity --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001?api-version=2018-09-01-preview
response:
body:
- string: '{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-09-11T21:59:15.2238424Z","updatedOn":"2019-09-11T21:59:15.2238424Z","createdBy":null,"updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000001"}'
+ string: '{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-12-06T21:51:13.0258267Z","updatedOn":"2019-12-06T21:51:13.0258267Z","createdBy":null,"updatedBy":"7140c269-e408-47a5-a626-a1d836b96883"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000001"}'
headers:
cache-control:
- no-cache
@@ -1206,7 +931,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:16 GMT
+ - Fri, 06 Dec 2019 21:51:13 GMT
expires:
- '-1'
pragma:
@@ -1220,7 +945,7 @@ interactions:
x-ms-ratelimit-remaining-subscription-writes:
- '1199'
x-ms-request-charge:
- - '2'
+ - '1'
status:
code: 201
message: Created
@@ -1238,30 +963,30 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments?$filter=atScope%28%29&api-version=2018-09-01-preview
response:
body:
- string: '{"value":[{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-09-11T21:59:16.1586348Z","updatedOn":"2019-09-11T21:59:16.1586348Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000001"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:39:09.5294379Z","updatedOn":"2019-08-05T23:39:09.5294379Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a1113818e","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a1113818e"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","principalId":"64f2ce47-849a-4587-afb3-3dc011037096","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:38:51.8741350Z","update
dOn":"2019-08-05T23:38:51.8741350Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a11138188","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a11138188"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-27T17:20:38.1844619Z","updatedOn":"2019-08-27T17:20:38.1844619Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/29044f17-dbcd-4ff8-9508-9e76dd7d7eed","type":"Microsoft.Authorization/roleAssignments","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7eed"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab","principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:39:09.5906916Z","updatedOn":"2019-08-05T23:39:09.5906916Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a1113818f","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a1113818f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.
Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab","principalId":"64f2ce47-849a-4587-afb3-3dc011037096","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:38:51.8708446Z","updatedOn":"2019-08-05T23:38:51.8708446Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a11138189","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a11138189"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab","principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-27T17:20:38.1794616Z","updatedOn":"2019-08-27T17:20:38.1794616Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/29044f17-dbcd-4ff8-9508-9e76dd7d7eee","type":"Microsoft.Authorization/roleAssignments","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7eee"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05","principalId":"5289bf2b-79f3-4c31-8d60-db42c3fd002a","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-01-10T21:47:58.8457396Z","updatedOn":"2019-01-10T21:47:58.8457396Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Aut
horization/roleAssignments/1f9763ab-2fc2-4bb3-840f-69f3e5e1695c","type":"Microsoft.Authorization/roleAssignments","name":"1f9763ab-2fc2-4bb3-840f-69f3e5e1695c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"327c26bf-bf3e-4128-9b75-fbbd99e98739","principalType":"User","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-09-06T22:27:35.0610579Z","updatedOn":"2019-09-06T22:27:35.0610579Z","createdBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef","updatedBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/80f18826-a049-4362-88d8-ac8dd359c32f","type":"Microsoft.Authorization/roleAssignments","name":"80f18826-a049-4362-88d8-ac8dd359c32f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"904fca91-c07a-4528-ac9c-e9496c36d9ef","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-06-01T00:34:11.9538518Z","updatedOn":"2019-06-01T00:34:11.9538518Z","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/579d88be-96cb-4410-8a58-8e335e43c59c","type":"Microsoft.Authorization/roleAssignments","name":"579d88be-96cb-4410-8a58-8e335e43c59c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","principalType":"User","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2018-04-04T19
:51:52.6581071Z","updatedOn":"2018-04-04T19:51:52.6581071Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/6cd3d2cb-7065-4e32-9e3b-826797d0c09a","type":"Microsoft.Authorization/roleAssignments","name":"6cd3d2cb-7065-4e32-9e3b-826797d0c09a"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"5c617d2b-99f8-4c90-98fe-dfe040fa33c1","principalType":"ServicePrincipal","scope":"/","createdOn":"2018-02-27T19:19:50.2663941Z","updatedOn":"2018-02-27T19:19:50.2663941Z","createdBy":null,"updatedBy":null},"id":"/providers/Microsoft.Authorization/roleAssignments/3e883d24-b106-42ff-ad13-d7bf271b964d","type":"Microsoft.Authorization/roleAssignments","name":"3e883d24-b106-42ff-ad13-d7bf271b964d"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"0dc80135-ae53-4da3-8695-220a2d93aad8","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-09-10T17:13:24.7776684Z","updatedOn":"2018-09-10T17:13:24.7776684Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/273e1317-f5a2-469f-ae30-79ae57cd22ec","type":"Microsoft.Authorization/roleAssignments","name":"273e1317-f5a2-469f-ae30-79ae57cd22ec"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"327c26bf-bf3e-4128-9b75-fbbd99e98739","principalType
":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-01-10T22:02:45.1345439Z","updatedOn":"2019-01-10T22:02:45.1345439Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/75ee36e5-f1d4-4bc7-859d-c7c2afad0117","type":"Microsoft.Authorization/roleAssignments","name":"75ee36e5-f1d4-4bc7-859d-c7c2afad0117"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"36e2f355-d2e2-4fbc-88ab-4281639dff94","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-08-05T22:34:29.0414452Z","updatedOn":"2019-08-05T22:34:29.0414452Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/ba87531b-7c7c-4aec-b5d8-2793653616f1","type":"Microsoft.Authorization/roleAssignments","name":"ba87531b-7c7c-4aec-b5d8-2793653616f1"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-12-04T20:58:25.1746132Z","updatedOn":"2018-12-04T20:58:25.1746132Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/49ba2f4a-3b4e-4145-b1d9-302ec841dfff","type":"Microsoft.Authorization/roleAssi
gnments","name":"49ba2f4a-3b4e-4145-b1d9-302ec841dfff"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"141fb5c0-e620-44a7-b52a-98ead875e310","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-06-05T21:48:08.9580161Z","updatedOn":"2019-06-05T21:48:08.9580161Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/0950a63d-4756-49d3-8b06-fa95427ba8ab","type":"Microsoft.Authorization/roleAssignments","name":"0950a63d-4756-49d3-8b06-fa95427ba8ab"}]}'
+ string: '{"value":[{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-12-06T21:51:13.7524750Z","updatedOn":"2019-12-06T21:51:13.7524750Z","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000001"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"36e2f355-d2e2-4fbc-88ab-4281639dff94","principalType":"User","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-12-02T17:28:19.2649309Z","updatedOn":"2019-12-02T17:28:19.2649309Z","createdBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef","updatedBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/5e5b1036-a57c-4e6a-8aa2-3056bfe0570a","type":"Microsoft.Authorization/roleAssignments","name":"5e5b1036-a57c-4e6a-8aa2-3056bfe0570a"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"7140c269-e408-47a5-a626-a1d836b96883","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T00:21:36.3928810Z","updatedOn":"2019-1
1-21T00:21:36.3928810Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/e931be27-8f07-47bf-b997-5c6a5733d832","type":"Microsoft.Authorization/roleAssignments","name":"e931be27-8f07-47bf-b997-5c6a5733d832"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"904fca91-c07a-4528-ac9c-e9496c36d9ef","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-05-31T23:18:13.9633903Z","updatedOn":"2019-05-31T23:18:13.9633903Z","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/d93a6a84-ba15-406d-829f-c0b89e6d18fb","type":"Microsoft.Authorization/roleAssignments","name":"d93a6a84-ba15-406d-829f-c0b89e6d18fb"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"251ceddb-6696-442f-85ba-392108eab6cd","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-12T00:00:26.7456674Z","updatedOn":"2019-11-12T00:00:26.7456674Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/0473b15a-2a1d-49d7-9782-7ab696b0c35c","type":"Microsoft.Authorization/roleAssignments","name":"0473b15a-2a1d-49d7-9782-7ab696b0c35c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorizatio
n/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"32b46ca4-3db8-43dc-9203-30391ed9221e","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-06T13:59:51.7599283Z","updatedOn":"2019-08-06T13:59:51.7599283Z","createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/184bb79b-51fa-4e2e-a8f0-4063df1c91bc","type":"Microsoft.Authorization/roleAssignments","name":"184bb79b-51fa-4e2e-a8f0-4063df1c91bc"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"3963de89-a6e2-4dbf-914b-0fa406a93acc","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T19:51:33.3764874Z","updatedOn":"2019-11-20T19:51:33.3764874Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/ddbad8cb-6331-43ca-9b13-99b4d1defa45","type":"Microsoft.Authorization/roleAssignments","name":"ddbad8cb-6331-43ca-9b13-99b4d1defa45"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-11T22:00:43.0105980Z","updatedOn":"2019-11-11T22:00:43.0105980Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/r
oleAssignments/293789eb-75c2-4d3e-aabb-9dd1c3235365","type":"Microsoft.Authorization/roleAssignments","name":"293789eb-75c2-4d3e-aabb-9dd1c3235365"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"52018bb5-d55b-4981-9e28-6561993b891f","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T22:21:37.9215384Z","updatedOn":"2019-11-20T22:21:37.9215384Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/1692db3e-f6ef-4956-a7f8-7a26bcc8e6ce","type":"Microsoft.Authorization/roleAssignments","name":"1692db3e-f6ef-4956-a7f8-7a26bcc8e6ce"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"647f8596-2369-4988-a444-5ef7ed0bdc08","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-10-31T21:26:49.4889195Z","updatedOn":"2019-10-31T21:26:49.4889195Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/c2111c6c-e625-42b8-971b-ea4b80c8b0cb","type":"Microsoft.Authorization/roleAssignments","name":"c2111c6c-e625-42b8-971b-ea4b80c8b0cb"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"670a0604-32d9-44a5-b18e-afc95e4c3b42","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2
019-11-05T18:57:24.2053253Z","updatedOn":"2019-11-05T18:57:24.2053253Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6db","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6db"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"6b4fa280-ebc5-4491-92d6-a993f22d3832","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:56:31.7536098Z","updatedOn":"2019-11-05T18:56:31.7536098Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6d5","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6d5"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"6ce407d2-3f01-403e-8bb9-a4d8ff959e87","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-11T21:59:58.4957035Z","updatedOn":"2019-11-11T21:59:58.4957035Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/293789eb-75c2-4d3e-aabb-9dd1c3235360","type":"Microsoft.Authorization/roleAssignments","name":"293789eb-75c2-4d3e-aabb-9dd1c3235360"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-00
00-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"6f579e8c-443d-4932-8fa7-00a888a6e4b4","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T19:48:24.6596159Z","updatedOn":"2019-11-20T19:48:24.6596159Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/ddbad8cb-6331-43ca-9b13-99b4d1def372","type":"Microsoft.Authorization/roleAssignments","name":"ddbad8cb-6331-43ca-9b13-99b4d1def372"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"81c20a45-4f13-45f0-9ced-b2daedac5636","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:54:02.6500420Z","updatedOn":"2019-11-05T18:54:02.6500420Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a36f","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a36f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"827038e7-cb6c-4fec-b6ac-ba21fed2eadb","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-06T17:58:06.5153444Z","updatedOn":"2019-11-06T17:58:06.5153444Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-
000000000000/providers/Microsoft.Authorization/roleAssignments/fc2ff254-b71f-4fbf-8595-af076c8e36c6","type":"Microsoft.Authorization/roleAssignments","name":"fc2ff254-b71f-4fbf-8595-af076c8e36c6"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T00:29:10.5484201Z","updatedOn":"2019-11-21T00:29:10.5484201Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/270f0d11-af30-4c15-95f7-28ba884518f5","type":"Microsoft.Authorization/roleAssignments","name":"270f0d11-af30-4c15-95f7-28ba884518f5"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"91331681-b5c9-4ce9-b968-82ad444690b3","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:57:46.2302487Z","updatedOn":"2019-11-05T18:57:46.2302487Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6e0","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6e0"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"9e949436-a38a-4cde-8e15-4304073650fb","principalType":"ServicePrincipal","scope":"/subscriptions/0000
0000-0000-0000-0000-000000000000","createdOn":"2019-11-05T19:03:21.0923852Z","updatedOn":"2019-11-05T19:03:21.0923852Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69aa4f","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69aa4f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-06T23:26:57.7873622Z","updatedOn":"2019-11-06T23:26:57.7873622Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/21c95410-09fb-4c9d-a65d-b0371b932401","type":"Microsoft.Authorization/roleAssignments","name":"21c95410-09fb-4c9d-a65d-b0371b932401"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"a612b2da-d891-48bd-94d3-2f15ca98b89f","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:58:22.9185374Z","updatedOn":"2019-11-05T18:58:22.9185374Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69aa41","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69aa41"},{"properties":{"roleDef
initionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"bb4e9cd1-f508-4784-a374-4e9e46c83140","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:52:33.8624038Z","updatedOn":"2019-11-05T18:52:33.8624038Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a008","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a008"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T22:11:27.9133892Z","updatedOn":"2019-11-20T22:11:27.9133892Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/b7e76e4f-2095-46c4-858b-8fcf80d52c7c","type":"Microsoft.Authorization/roleAssignments","name":"b7e76e4f-2095-46c4-858b-8fcf80d52c7c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"dd40a1fa-e606-4f59-99e4-d21f640b5522","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T19:01:34.1126842Z","updatedOn":"2019-11-05T19:01:34.1126842Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94
"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69aa47","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69aa47"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"ee6af347-6b68-404f-bde1-7c76c2d8dca0","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-12T00:09:30.4207845Z","updatedOn":"2019-11-12T00:09:30.4207845Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/0473b15a-2a1d-49d7-9782-7ab696b0c6bc","type":"Microsoft.Authorization/roleAssignments","name":"0473b15a-2a1d-49d7-9782-7ab696b0c6bc"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"f853f01d-b28c-4004-8bd2-bcc6a55b3480","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:55:50.5869802Z","updatedOn":"2019-11-05T18:55:50.5869802Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6d0","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6d0"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"4cf3d5b2-d184-43ae-a61f-89f6bc9296f1","principalType"
:"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-12-06T00:27:38.2236171Z","updatedOn":"2019-12-06T00:27:38.2236171Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/b378eacf-348f-4220-ba6d-cebd36da9110","type":"Microsoft.Authorization/roleAssignments","name":"b378eacf-348f-4220-ba6d-cebd36da9110"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"ca0da12b-d6d2-4633-b8af-0841feb68593","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T17:37:49.8080915Z","updatedOn":"2019-11-21T17:37:49.8080915Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/dc1dedcc-746a-40f3-b421-ab4328682c7b","type":"Microsoft.Authorization/roleAssignments","name":"dc1dedcc-746a-40f3-b421-ab4328682c7b"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T17:43:54.9564973Z","updatedOn":"2019-11-21T17:43:54.9564973Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/78a38c70-5549-49bd-8a16-fe3619e5d911","type":"Microsoft.Authorization/roleAssignments","name":"78a38c70-5549-
49bd-8a16-fe3619e5d911"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-03-26T00:12:05.3694844Z","updatedOn":"2019-03-26T00:12:05.3694844Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/3863c624-094c-480d-bc42-74970b55e5e6","type":"Microsoft.Authorization/roleAssignments","name":"3863c624-094c-480d-bc42-74970b55e5e6"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"5c617d2b-99f8-4c90-98fe-dfe040fa33c1","principalType":"ServicePrincipal","scope":"/","createdOn":"2018-02-27T19:19:50.2663941Z","updatedOn":"2018-02-27T19:19:50.2663941Z","createdBy":null,"updatedBy":null},"id":"/providers/Microsoft.Authorization/roleAssignments/3e883d24-b106-42ff-ad13-d7bf271b964d","type":"Microsoft.Authorization/roleAssignments","name":"3e883d24-b106-42ff-ad13-d7bf271b964d"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608","principalId":"7140c269-e408-47a5-a626-a1d836b96883","principalType":"ServicePrincipal","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-21T18:17:31.7147895Z","updatedOn":"2019-11-21T18:17:31.7147895Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/role
Assignments/b90658a5-be40-4b19-8e32-113491b98453","type":"Microsoft.Authorization/roleAssignments","name":"b90658a5-be40-4b19-8e32-113491b98453"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"0dc80135-ae53-4da3-8695-220a2d93aad8","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-09-10T17:13:24.7776684Z","updatedOn":"2018-09-10T17:13:24.7776684Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/273e1317-f5a2-469f-ae30-79ae57cd22ec","type":"Microsoft.Authorization/roleAssignments","name":"273e1317-f5a2-469f-ae30-79ae57cd22ec"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-07T19:18:00.1798469Z","updatedOn":"2019-11-07T19:18:00.1798469Z","createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/3a22899f-d177-45ae-8b8b-119e800a3dc6","type":"Microsoft.Authorization/roleAssignments","name":"3a22899f-d177-45ae-8b8b-119e800a3dc6"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"327c26bf-bf3e-4128-9b75-fbbd99e98739","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest
","createdOn":"2019-01-10T22:02:45.1345439Z","updatedOn":"2019-01-10T22:02:45.1345439Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/75ee36e5-f1d4-4bc7-859d-c7c2afad0117","type":"Microsoft.Authorization/roleAssignments","name":"75ee36e5-f1d4-4bc7-859d-c7c2afad0117"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"36e2f355-d2e2-4fbc-88ab-4281639dff94","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-08-05T22:34:29.0414452Z","updatedOn":"2019-08-05T22:34:29.0414452Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/ba87531b-7c7c-4aec-b5d8-2793653616f1","type":"Microsoft.Authorization/roleAssignments","name":"ba87531b-7c7c-4aec-b5d8-2793653616f1"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-12-04T20:58:25.1746132Z","updatedOn":"2018-12-04T20:58:25.1746132Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/49ba2f4a-3b4e-4145-b1d9-302ec841dfff","type":"Microsoft.Authorization/roleAssignments","name":"49ba2f4a-3b4e-4145-b1d9-302ec841dfff"},{"properties":{"roleDefi
nitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"b8890a11-51b6-457d-99f0-b36fde28fa4f","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-07T19:18:01.0739364Z","updatedOn":"2019-11-07T19:18:01.0739364Z","createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/dca387fc-991d-421a-9935-1b749061d1fc","type":"Microsoft.Authorization/roleAssignments","name":"dca387fc-991d-421a-9935-1b749061d1fc"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"141fb5c0-e620-44a7-b52a-98ead875e310","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-06-05T21:48:08.9580161Z","updatedOn":"2019-06-05T21:48:08.9580161Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/0950a63d-4756-49d3-8b06-fa95427ba8ab","type":"Microsoft.Authorization/roleAssignments","name":"0950a63d-4756-49d3-8b06-fa95427ba8ab"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"7140c269-e408-47a5-a626-a1d836b96883","principalType":"ServicePrincipal","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-26T18:32:58.7205502Z","updatedOn":"2019-11-26T18:32:58.7205502Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f3
55-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/5d5f1cc4-e656-4730-ac8b-257e4edf2fa4","type":"Microsoft.Authorization/roleAssignments","name":"5d5f1cc4-e656-4730-ac8b-257e4edf2fa4"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","principalType":"ServicePrincipal","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-21T17:44:18.7687874Z","updatedOn":"2019-11-21T17:44:18.7687874Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/78a38c70-5549-49bd-8a16-fe3619e5d918","type":"Microsoft.Authorization/roleAssignments","name":"78a38c70-5549-49bd-8a16-fe3619e5d918"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"20c50ab7-70da-40c7-806b-937bf59825b3","principalType":"ServicePrincipal","scope":"/providers/microsoft.management/managementgroups/AzGovPerfTest","createdOn":"2019-12-06T00:27:35.0978012Z","updatedOn":"2019-12-06T00:27:35.0978012Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/microsoft.management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/c973dcac-4ee7-4ee5-ad95-f54de86a0036","type":"Microsoft.Authorization/roleAssignments","name":"c973dcac-4ee7-4ee5-ad95-f54de86a0036"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '12902'
+ - '31922'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:16 GMT
+ - Fri, 06 Dec 2019 21:51:14 GMT
expires:
- '-1'
pragma:
- no-cache
set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
+ - x-ms-gateway-slice=Production; path=/; SameSite=None; secure; HttpOnly
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
@@ -1291,8 +1016,8 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -1309,7 +1034,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:16 GMT
+ - Fri, 06 Dec 2019 21:51:15 GMT
expires:
- '-1'
pragma:
@@ -1345,8 +1070,8 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -1383,8 +1108,8 @@ interactions:
pull\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/pull/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-10-22T19:01:56.8227182Z\",\"updatedOn\":\"2018-11-13T23:22:03.2302457Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"7f951dda-4ed3-4680-a7ca-43fe172d538d\"},{\"properties\":{\"roleName\":\"AcrImageSigner\",\"type\":\"BuiltInRole\",\"description\":\"acr
image signer\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/sign/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-15T23:23:08.4038322Z\",\"updatedOn\":\"2018-10-29T19:06:24.9004422Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"6cef56e8-d556-48e5-a04f-b8e64114680f\"},{\"properties\":{\"roleName\":\"AcrDelete\",\"type\":\"BuiltInRole\",\"description\":\"acr
delete\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/artifacts/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-03-11T20:19:31.6682804Z\",\"updatedOn\":\"2019-03-11T20:24:38.9845104Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c2f4ef07-c644-48eb-af81-4b1b4947fb11\"},{\"properties\":{\"roleName\":\"AcrQuarantineReader\",\"type\":\"BuiltInRole\",\"description\":\"acr
- quarantine data reader\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantineRead/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:27:39.9596835Z\",\"updatedOn\":\"2018-10-29T19:16:24.3521233Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"cdda3590-29a3-44f6-95f2-9f980659eb04\"},{\"properties\":{\"roleName\":\"AcrQuarantineWriter\",\"type\":\"BuiltInRole\",\"description\":\"acr
- quarantine data writer\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantineRead/read\",\"Microsoft.ContainerRegistry/registries/quarantineWrite/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:26:37.5871820Z\",\"updatedOn\":\"2018-10-29T19:22:29.9285629Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c8d4ff99-41c3-41a8-9f60-21dfdad59608\"},{\"properties\":{\"roleName\":\"API
+ quarantine data reader\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantine/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:27:39.9596835Z\",\"updatedOn\":\"2019-10-22T00:12:39.7020930Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"cdda3590-29a3-44f6-95f2-9f980659eb04\"},{\"properties\":{\"roleName\":\"AcrQuarantineWriter\",\"type\":\"BuiltInRole\",\"description\":\"acr
+ quarantine data writer\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantine/read\",\"Microsoft.ContainerRegistry/registries/quarantine/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:26:37.5871820Z\",\"updatedOn\":\"2019-10-22T00:10:29.8202164Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c8d4ff99-41c3-41a8-9f60-21dfdad59608\"},{\"properties\":{\"roleName\":\"API
Management Service Operator Role\",\"type\":\"BuiltInRole\",\"description\":\"Can
manage service but not the APIs\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ApiManagement/service/*/read\",\"Microsoft.ApiManagement/service/backup/action\",\"Microsoft.ApiManagement/service/delete\",\"Microsoft.ApiManagement/service/managedeployments/action\",\"Microsoft.ApiManagement/service/read\",\"Microsoft.ApiManagement/service/restore/action\",\"Microsoft.ApiManagement/service/updatecertificate/action\",\"Microsoft.ApiManagement/service/updatehostname/action\",\"Microsoft.ApiManagement/service/write\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[\"Microsoft.ApiManagement/service/users/keys/read\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-11-09T00:03:42.1194019Z\",\"updatedOn\":\"2016-11-18T23:56:25.4682649Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"e022efe7-f5ba-4159-bbe4-b44f577e9b61\"},{\"properties\":{\"roleName\":\"API
Management Service Reader Role\",\"type\":\"BuiltInRole\",\"description\":\"Read-only
@@ -1394,7 +1119,7 @@ interactions:
Insights Snapshot Debugger\",\"type\":\"BuiltInRole\",\"description\":\"Gives
user permission to use Application Insights Snapshot Debugger features\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/components/*/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-04-19T21:25:12.3728747Z\",\"updatedOn\":\"2017-04-19T23:34:59.9511581Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"08954f03-6346-4c2e-81c0-ec3a5cfae23b\"},{\"properties\":{\"roleName\":\"Attestation
Reader\",\"type\":\"BuiltInRole\",\"description\":\"Can read the attestation
- provider properties\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-03-25T19:42:59.1576710Z\",\"updatedOn\":\"2019-07-01T17:52:38.9036953Z\",\"createdBy\":null,\"updatedBy\":\"SYSTEM\"},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"fd1bd22b-8476-40bc-a0bc-69b95687b9f3\"},{\"properties\":{\"roleName\":\"Automation
+ provider properties\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-03-25T19:42:59.1576710Z\",\"updatedOn\":\"2019-05-10T17:52:38.9036953Z\",\"createdBy\":null,\"updatedBy\":\"SYSTEM\"},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"fd1bd22b-8476-40bc-a0bc-69b95687b9f3\"},{\"properties\":{\"roleName\":\"Automation
Job Operator\",\"type\":\"BuiltInRole\",\"description\":\"Create and Manage
Jobs using Automation Runbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read\",\"Microsoft.Automation/automationAccounts/jobs/read\",\"Microsoft.Automation/automationAccounts/jobs/resume/action\",\"Microsoft.Automation/automationAccounts/jobs/stop/action\",\"Microsoft.Automation/automationAccounts/jobs/streams/read\",\"Microsoft.Automation/automationAccounts/jobs/suspend/action\",\"Microsoft.Automation/automationAccounts/jobs/write\",\"Microsoft.Automation/automationAccounts/jobs/output/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-04-19T20:52:41.0020018Z\",\"updatedOn\":\"2018-08-14T22:08:48.1147327Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"4fe576fe-1146-4730-92eb-48519fa6bf9f\"},{\"properties\":{\"roleName\":\"Automation
Runbook Operator\",\"type\":\"BuiltInRole\",\"description\":\"Read Runbook
@@ -1473,7 +1198,7 @@ interactions:
Labs User\",\"type\":\"BuiltInRole\",\"description\":\"Lets you connect, start,
restart, and shutdown your virtual machines in your Azure DevTest Labs.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Compute/availabilitySets/read\",\"Microsoft.Compute/virtualMachines/*/read\",\"Microsoft.Compute/virtualMachines/deallocate/action\",\"Microsoft.Compute/virtualMachines/read\",\"Microsoft.Compute/virtualMachines/restart/action\",\"Microsoft.Compute/virtualMachines/start/action\",\"Microsoft.DevTestLab/*/read\",\"Microsoft.DevTestLab/labs/claimAnyVm/action\",\"Microsoft.DevTestLab/labs/createEnvironment/action\",\"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action\",\"Microsoft.DevTestLab/labs/formulas/delete\",\"Microsoft.DevTestLab/labs/formulas/read\",\"Microsoft.DevTestLab/labs/formulas/write\",\"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action\",\"Microsoft.DevTestLab/labs/virtualMachines/claim/action\",\"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action\",\"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action\",\"Microsoft.Network/loadBalancers/backendAddressPools/join/action\",\"Microsoft.Network/loadBalancers/inboundNatRules/join/action\",\"Microsoft.Network/networkInterfaces/*/read\",\"Microsoft.Network/networkInterfaces/join/action\",\"Microsoft.Network/networkInterfaces/read\",\"Microsoft.Network/networkInterfaces/write\",\"Microsoft.Network/publicIPAddresses/*/read\",\"Microsoft.Network/publicIPAddresses/join/action\",\"Microsoft.Network/publicIPAddresses/read\",\"Microsoft.Network/virtualNetworks/subnets/join/action\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Resources/deployments/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/listKeys/action\"],\"notActions\":[\"Microsoft.Compute/virtualMachines/vmSizes/read\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-06-08T21:52:45.0657582Z\",\"updatedOn\":\"2019-05-08T11:27:34.8855476Z\"
,\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"76283e04-6283-4c54-8f91-bcf1374a3c64\"},{\"properties\":{\"roleName\":\"DocumentDB
Account Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
- manage DocumentDB accounts, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-02-02T21:55:09.8806423Z\",\"updatedOn\":\"2019-02-05T21:24:22.5964810Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5bd9cd88-fe45-4216-938b-f97437e15450\"},{\"properties\":{\"roleName\":\"DNS
+ manage DocumentDB accounts, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-02-02T21:55:09.8806423Z\",\"updatedOn\":\"2019-11-21T01:38:32.0948484Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5bd9cd88-fe45-4216-938b-f97437e15450\"},{\"properties\":{\"roleName\":\"DNS
Zone Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you manage
DNS zones and record sets in Azure DNS, but does not let you control who has
access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/dnsZones/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-10-15T23:33:25.9730842Z\",\"updatedOn\":\"2016-05-31T23:13:40.3710365Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"befefa01-2a29-4197-83a8-272ff33ce314\"},{\"properties\":{\"roleName\":\"EventGrid
@@ -1506,9 +1231,9 @@ interactions:
creating and configuring Automation accounts; adding solutions; and configuring
Azure diagnostics on all Azure resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Automation/automationAccounts/*\",\"Microsoft.ClassicCompute/virtualMachines/extensions/*\",\"Microsoft.ClassicStorage/storageAccounts/listKeys/action\",\"Microsoft.Compute/virtualMachines/extensions/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/diagnosticSettings/*\",\"Microsoft.OperationalInsights/*\",\"Microsoft.OperationsManagement/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourcegroups/deployments/*\",\"Microsoft.Storage/storageAccounts/listKeys/action\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-04-25T21:51:45.3174711Z\",\"updatedOn\":\"2018-01-30T18:08:26.6376126Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"92aaf0da-9dab-42b6-94a3-d43ce8d16293\"},{\"properties\":{\"roleName\":\"Logic
App Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you read, enable
- and disable logic app.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*/read\",\"Microsoft.Insights/diagnosticSettings/*/read\",\"Microsoft.Insights/metricDefinitions/*/read\",\"Microsoft.Logic/*/read\",\"Microsoft.Logic/workflows/disable/action\",\"Microsoft.Logic/workflows/enable/action\",\"Microsoft.Logic/workflows/validate/action\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*/read\",\"Microsoft.Web/connections/*/read\",\"Microsoft.Web/customApis/*/read\",\"Microsoft.Web/serverFarms/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2018-01-10T23:14:26.9539724Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\"},{\"properties\":{\"roleName\":\"Logic
+ and disable logic app.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*/read\",\"Microsoft.Insights/metricAlerts/*/read\",\"Microsoft.Insights/diagnosticSettings/*/read\",\"Microsoft.Insights/metricDefinitions/*/read\",\"Microsoft.Logic/*/read\",\"Microsoft.Logic/workflows/disable/action\",\"Microsoft.Logic/workflows/enable/action\",\"Microsoft.Logic/workflows/validate/action\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*/read\",\"Microsoft.Web/connections/*/read\",\"Microsoft.Web/customApis/*/read\",\"Microsoft.Web/serverFarms/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2019-10-15T04:28:56.3265986Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\"},{\"properties\":{\"roleName\":\"Logic
App Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you manage
- logic app, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.ClassicStorage/storageAccounts/listKeys/action\",\"Microsoft.ClassicStorage/storageAccounts/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/diagnosticSettings/*\",\"Microsoft.Insights/logdefinitions/*\",\"Microsoft.Insights/metricDefinitions/*\",\"Microsoft.Logic/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/listkeys/action\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*\",\"Microsoft.Web/connections/*\",\"Microsoft.Web/customApis/*\",\"Microsoft.Web/serverFarms/join/action\",\"Microsoft.Web/serverFarms/read\",\"Microsoft.Web/sites/functions/listSecrets/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2018-01-10T23:11:44.8580600Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"87a39d53-fc1b-424a-814c-f7e04687dc9e\"},{\"properties\":{\"roleName\":\"Managed
+ logic app, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.ClassicStorage/storageAccounts/listKeys/action\",\"Microsoft.ClassicStorage/storageAccounts/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/metricAlerts/*\",\"Microsoft.Insights/diagnosticSettings/*\",\"Microsoft.Insights/logdefinitions/*\",\"Microsoft.Insights/metricDefinitions/*\",\"Microsoft.Logic/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/listkeys/action\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*\",\"Microsoft.Web/connections/*\",\"Microsoft.Web/customApis/*\",\"Microsoft.Web/serverFarms/join/action\",\"Microsoft.Web/serverFarms/read\",\"Microsoft.Web/sites/functions/listSecrets/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2019-10-15T04:31:27.7685427Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"87a39d53-fc1b-424a-814c-f7e04687dc9e\"},{\"properties\":{\"roleName\":\"Managed
Application Operator Role\",\"type\":\"BuiltInRole\",\"description\":\"Lets
you read and perform actions on Managed Application resources\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Solutions/applications/read\",\"Microsoft.Solutions/*/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-07-27T00:59:33.7988813Z\",\"updatedOn\":\"2019-02-20T01:09:55.1593079Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c7393b34-138c-406f-901b-d8cf2b17e6ae\"},{\"properties\":{\"roleName\":\"Managed
Applications Reader\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
@@ -1540,9 +1265,8 @@ interactions:
everything but will not let you delete or create a storage account or contained
resource. It will also allow read/write access to all data contained in a
storage account via access to storage account keys.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Storage/storageAccounts/listKeys/action\",\"Microsoft.Storage/storageAccounts/ListAccountSas/action\",\"Microsoft.Storage/storageAccounts/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-27T23:20:46.1498906Z\",\"updatedOn\":\"2019-04-04T23:41:26.1056261Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c12c1c16-33a1-487b-954d-41c89c60f349\"},{\"properties\":{\"roleName\":\"Resource
- Policy Contributor (Preview)\",\"type\":\"BuiltInRole\",\"description\":\"(Preview)
- Backfilled users from EA, with rights to create/modify resource policy, create
- support ticket and read resources/hierarchy.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Authorization/policyassignments/*\",\"Microsoft.Authorization/policydefinitions/*\",\"Microsoft.Authorization/policysetdefinitions/*\",\"Microsoft.PolicyInsights/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-08-25T19:08:01.3861639Z\",\"updatedOn\":\"2018-01-30T18:08:27.8272264Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"36243c78-bf99-498c-9df9-86d9f8d28608\"},{\"properties\":{\"roleName\":\"Scheduler
+ Policy Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Users with
+ rights to create/modify resource policy, create support ticket and read resources/hierarchy.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Authorization/policyassignments/*\",\"Microsoft.Authorization/policydefinitions/*\",\"Microsoft.Authorization/policysetdefinitions/*\",\"Microsoft.PolicyInsights/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-08-25T19:08:01.3861639Z\",\"updatedOn\":\"2019-11-20T20:26:12.8811365Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"36243c78-bf99-498c-9df9-86d9f8d28608\"},{\"properties\":{\"roleName\":\"Scheduler
Job Collections Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets
you manage Scheduler job collections, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Scheduler/jobcollections/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-02-02T21:55:09.8806423Z\",\"updatedOn\":\"2019-02-05T20:42:24.8360756Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"188a0f2f-5c9e-469b-ae67-2aa5ce574b94\"},{\"properties\":{\"roleName\":\"Search
Service Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
@@ -1554,7 +1278,7 @@ interactions:
Anchors Account Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets
you manage spatial anchors in your account, but not delete them\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/write\"],\"notDataActions\":[]}],\"createdOn\":\"2018-12-21T17:57:41.1420864Z\",\"updatedOn\":\"2019-02-13T06:13:39.8686435Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827\"},{\"properties\":{\"roleName\":\"Site
Recovery Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
- manage Site Recovery service except vault creation and role assignment\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/virtualNetworks/read\",\"Microsoft.RecoveryServices/locations/allocatedStamp/read\",\"Microsoft.RecoveryServices/locations/allocateStamp/action\",\"Microsoft.RecoveryServices/Vaults/certificates/write\",\"Microsoft.RecoveryServices/Vaults/extendedInformation/*\",\"Microsoft.RecoveryServices/Vaults/read\",\"Microsoft.RecoveryServices/Vaults/refreshContainers/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/*\",\"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*\",\"Microsoft.RecoveryServices/vaults/replicationEvents/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/*\",\"Microsoft.RecoveryServices/vaults/replicationJobs/*\",\"Microsoft.RecoveryServices/vaults/replicationPolicies/*\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*\",\"Microsoft.RecoveryServices/Vaults/storageConfig/*\",\"Microsoft.RecoveryServices/Vaults/tokenInfo/read\",\"Microsoft.RecoveryServices/Vaults/usages/read\",\"Microsoft.RecoveryServices/Vaults/vaultTokens/read\",\"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*\",\"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-05-19T13:46:17.4592776Z\",\"updatedOn\":\"2017-06-29T05:31:19.7240473Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\
"name\":\"6670b86e-a3f7-4917-ac9b-5d6ab1be4567\"},{\"properties\":{\"roleName\":\"Site
+ manage Site Recovery service except vault creation and role assignment\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/virtualNetworks/read\",\"Microsoft.RecoveryServices/locations/allocatedStamp/read\",\"Microsoft.RecoveryServices/locations/allocateStamp/action\",\"Microsoft.RecoveryServices/Vaults/certificates/write\",\"Microsoft.RecoveryServices/Vaults/extendedInformation/*\",\"Microsoft.RecoveryServices/Vaults/read\",\"Microsoft.RecoveryServices/Vaults/refreshContainers/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/*\",\"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*\",\"Microsoft.RecoveryServices/vaults/replicationEvents/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/*\",\"Microsoft.RecoveryServices/vaults/replicationJobs/*\",\"Microsoft.RecoveryServices/vaults/replicationPolicies/*\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*\",\"Microsoft.RecoveryServices/Vaults/storageConfig/*\",\"Microsoft.RecoveryServices/Vaults/tokenInfo/read\",\"Microsoft.RecoveryServices/Vaults/usages/read\",\"Microsoft.RecoveryServices/Vaults/vaultTokens/read\",\"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*\",\"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-05-19T13:46:17.4592776Z\",\"updatedOn\":\"2019-11-07T06:13:49.0760858Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b
-5d6ab1be4567\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"6670b86e-a3f7-4917-ac9b-5d6ab1be4567\"},{\"properties\":{\"roleName\":\"Site
Recovery Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you failover
and failback but not perform other Site Recovery management operations\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/virtualNetworks/read\",\"Microsoft.RecoveryServices/locations/allocatedStamp/read\",\"Microsoft.RecoveryServices/locations/allocateStamp/action\",\"Microsoft.RecoveryServices/Vaults/extendedInformation/read\",\"Microsoft.RecoveryServices/Vaults/read\",\"Microsoft.RecoveryServices/Vaults/refreshContainers/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/read\",\"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read\",\"Microsoft.RecoveryServices/vaults/replicationEvents/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/repl
icationProtectionContainers/replicationProtectedItems/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read\",\"Microsoft.RecoveryServices/vaults/replicationJobs/*\",\"Microsoft.RecoveryServices/vaults/replicationPolicies/read\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit
/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action\",\"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*\",\"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read\",\"Microsoft.RecoveryServices/Vaults/storageConfig/read\",\"Microsoft.RecoveryServices/Vaults/tokenInfo/read\",\"Microsoft.RecoveryServices/Vaults/usages/read\",\"Microsoft.RecoveryServices/Vaults/vaultTokens/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-05-19T13:47:50.1341148Z\",\"updatedOn\":\"2019-08-28T12:00:57.4472826Z\",\"createdBy\":null,\"updatedBy\":\"\"},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"494ae006-db33-4328-bf46-533a6560a3ca\"},{\"properties\":{\"roleName\":\"Spatial
Anchors Account Reader\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
@@ -1618,25 +1342,25 @@ interactions:
Event Hubs Data Owner\",\"type\":\"BuiltInRole\",\"description\":\"Allows
for full access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*\"],\"notDataActions\":[]}],\"createdOn\":\"2019-04-16T21:34:29.8656362Z\",\"updatedOn\":\"2019-08-21T22:58:57.7584645Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"f526a384-b230-433a-b45c-95f59c4a2dec\"},{\"properties\":{\"roleName\":\"Attestation
Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Can read write or
- delete the attestation provider instance\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\",\"Microsoft.Attestation/attestationProviders/attestation/write\",\"Microsoft.Attestation/attestationProviders/attestation/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-19T00:24:09.3354177Z\",\"updatedOn\":\"2019-07-01T17:59:06.3448436Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\"},{\"properties\":{\"roleName\":\"HDInsight
+ delete the attestation provider instance\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\",\"Microsoft.Attestation/attestationProviders/attestation/write\",\"Microsoft.Attestation/attestationProviders/attestation/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-19T00:24:09.3354177Z\",\"updatedOn\":\"2019-05-10T17:59:06.3448436Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\"},{\"properties\":{\"roleName\":\"HDInsight
Cluster Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you read
and modify HDInsight cluster configurations.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HDInsight/*/read\",\"Microsoft.HDInsight/clusters/getGatewaySettings/action\",\"Microsoft.HDInsight/clusters/updateGatewaySettings/action\",\"Microsoft.HDInsight/clusters/configurations/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-20T00:03:01.7110732Z\",\"updatedOn\":\"2019-04-28T02:34:17.4679314Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"61ed4efc-fab3-44fd-b111-e24485cc132a\"},{\"properties\":{\"roleName\":\"Cosmos
DB Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you manage Azure
Cosmos DB accounts, but not access data in them. Prevents access to account
- keys and connection strings.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[\"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*\",\"Microsoft.DocumentDB/databaseAccounts/listKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-26T17:01:17.0169383Z\",\"updatedOn\":\"2019-04-26T19:26:46.6326968Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"230815da-be43-4aae-9cb4-875f7bd000aa\"},{\"properties\":{\"roleName\":\"Hybrid
+ keys and connection strings.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action\"],\"notActions\":[\"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*\",\"Microsoft.DocumentDB/databaseAccounts/listKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-26T17:01:17.0169383Z\",\"updatedOn\":\"2019-11-21T01:34:13.3746345Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"230815da-be43-4aae-9cb4-875f7bd000aa\"},{\"properties\":{\"roleName\":\"Hybrid
Server Resource Administrator\",\"type\":\"BuiltInRole\",\"description\":\"Can
read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource
Provider.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/*\",\"Microsoft.HybridCompute/*/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-29T21:39:32.3132923Z\",\"updatedOn\":\"2019-05-06T20:08:25.3180258Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"48b40c6e-82e0-4eb3-90d5-19e40f49b624\"},{\"properties\":{\"roleName\":\"Hybrid
Server Onboarding\",\"type\":\"BuiltInRole\",\"description\":\"Can onboard
new Hybrid servers to the Hybrid Resource Provider.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/read\",\"Microsoft.HybridCompute/machines/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-29T22:36:28.1873756Z\",\"updatedOn\":\"2019-05-06T20:09:17.9364269Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb\"},{\"properties\":{\"roleName\":\"Azure
Event Hubs Data Receiver\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- receive access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/consumergroups/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:25:21.1056666Z\",\"updatedOn\":\"2019-08-21T23:00:32.6225396Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"a638d3c7-ab3a-418d-83e6-5f17a39d4fde\"},{\"properties\":{\"roleName\":\"Azure
+ receive access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/consumergroups/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:25:21.1056666Z\",\"updatedOn\":\"2019-08-21T23:00:32.6225396Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"a638d3c7-ab3a-418d-83e6-5f17a39d4fde\"},{\"properties\":{\"roleName\":\"Azure
Event Hubs Data Sender\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- send access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:26:12.4673714Z\",\"updatedOn\":\"2019-08-21T23:02:26.6155679Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"2b629674-e913-4c01-ae53-ef4638d8f975\"},{\"properties\":{\"roleName\":\"Azure
+ send access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:26:12.4673714Z\",\"updatedOn\":\"2019-08-21T23:02:26.6155679Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"2b629674-e913-4c01-ae53-ef4638d8f975\"},{\"properties\":{\"roleName\":\"Azure
Service Bus Data Receiver\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- for receive access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:43:01.6343849Z\",\"updatedOn\":\"2019-08-21T22:55:24.3423558Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\"},{\"properties\":{\"roleName\":\"Azure
+ for receive access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:43:01.6343849Z\",\"updatedOn\":\"2019-08-21T22:55:24.3423558Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\"},{\"properties\":{\"roleName\":\"Azure
Service Bus Data Sender\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- for send access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:43:46.7046934Z\",\"updatedOn\":\"2019-08-21T22:57:12.2555683Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\"},{\"properties\":{\"roleName\":\"Storage
+ for send access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:43:46.7046934Z\",\"updatedOn\":\"2019-08-21T22:57:12.2555683Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\"},{\"properties\":{\"roleName\":\"Storage
File Data SMB Share Reader\",\"type\":\"BuiltInRole\",\"description\":\"Allows
for read access to Azure File Share over SMB\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T20:19:31.8620471Z\",\"updatedOn\":\"2019-08-07T01:00:41.9223409Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"aba4ae5f-2193-4029-9191-0cb91df5e314\"},{\"properties\":{\"roleName\":\"Storage
File Data SMB Share Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Allows
@@ -1655,18 +1379,47 @@ interactions:
definitions, but not assign them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Blueprint/blueprints/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-14T21:55:16.9683949Z\",\"updatedOn\":\"2019-08-17T00:10:55.7494677Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"41077137-e803-4205-871c-5a86e6a753b4\"},{\"properties\":{\"roleName\":\"Blueprint
Operator\",\"type\":\"BuiltInRole\",\"description\":\"Can assign existing
published blueprints, but cannot create new blueprints. NOTE: this only works
- if the assignment is done with a user-assigned managed identity.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Blueprint/blueprintAssignments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-14T21:56:48.7897875Z\",\"updatedOn\":\"2019-08-17T00:06:02.6509737Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"437d2ced-4a38-4302-8479-ed2bcb43d090\"},{\"properties\":{\"roleName\":\"Workbook
+ if the assignment is done with a user-assigned managed identity.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Blueprint/blueprintAssignments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-14T21:56:48.7897875Z\",\"updatedOn\":\"2019-08-17T00:06:02.6509737Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"437d2ced-4a38-4302-8479-ed2bcb43d090\"},{\"properties\":{\"roleName\":\"Azure
+ Sentinel Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Azure Sentinel
+ Contributor\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SecurityInsights/*\",\"Microsoft.OperationalInsights/workspaces/analytics/query/action\",\"Microsoft.OperationalInsights/workspaces/read\",\"Microsoft.OperationalInsights/workspaces/savedSearches/*\",\"Microsoft.OperationsManagement/solutions/read\",\"Microsoft.OperationalInsights/workspaces/query/read\",\"Microsoft.OperationalInsights/workspaces/query/*/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.Insights/workbooks/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T16:39:03.8725173Z\",\"updatedOn\":\"2019-11-28T13:01:04.7575960Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"ab8e14d6-4a74-4a29-9ba8-549422addade\"},{\"properties\":{\"roleName\":\"Azure
+ Sentinel Responder\",\"type\":\"BuiltInRole\",\"description\":\"Azure Sentinel
+ Responder\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SecurityInsights/*/read\",\"Microsoft.SecurityInsights/cases/*\",\"Microsoft.OperationalInsights/workspaces/analytics/query/action\",\"Microsoft.OperationalInsights/workspaces/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.OperationalInsights/workspaces/savedSearches/read\",\"Microsoft.OperationsManagement/solutions/read\",\"Microsoft.OperationalInsights/workspaces/query/read\",\"Microsoft.OperationalInsights/workspaces/query/*/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.Insights/workbooks/read\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T16:54:07.6467264Z\",\"updatedOn\":\"2019-11-28T13:02:33.8005599Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"3e150937-b8fe-4cfb-8069-0eaf05ecd056\"},{\"properties\":{\"roleName\":\"Azure
+ Sentinel Reader\",\"type\":\"BuiltInRole\",\"description\":\"Azure Sentinel
+ Reader\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SecurityInsights/*/read\",\"Microsoft.OperationalInsights/workspaces/analytics/query/action\",\"Microsoft.OperationalInsights/workspaces/read\",\"Microsoft.OperationalInsights/workspaces/savedSearches/read\",\"Microsoft.OperationsManagement/solutions/read\",\"Microsoft.OperationalInsights/workspaces/query/read\",\"Microsoft.OperationalInsights/workspaces/query/*/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.Insights/workbooks/read\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T16:58:50.1132117Z\",\"updatedOn\":\"2019-11-28T12:51:42.4847204Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"8d289c81-5878-46d4-8554-54e1e3d8b5cb\"},{\"properties\":{\"roleName\":\"Workbook
Reader\",\"type\":\"BuiltInRole\",\"description\":\"Can read workbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"microsoft.insights/workbooks/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T20:56:17.6808140Z\",\"updatedOn\":\"2019-08-28T21:43:05.0202124Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"b279062a-9be3-42a0-92ae-8b3cf002ec4d\"},{\"properties\":{\"roleName\":\"Workbook
- Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Can save shared workbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Insights/workbooks/write\",\"Microsoft.Insights/workbooks/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T20:59:42.4820277Z\",\"updatedOn\":\"2019-08-28T21:43:55.5802704Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"e8ddcd69-c73f-4f9f-9844-4100522f16ad\"}]}"
+ Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Can save shared workbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Insights/workbooks/write\",\"Microsoft.Insights/workbooks/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T20:59:42.4820277Z\",\"updatedOn\":\"2019-08-28T21:43:55.5802704Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"e8ddcd69-c73f-4f9f-9844-4100522f16ad\"},{\"properties\":{\"roleName\":\"Policy
+ Insights Data Writer (Preview)\",\"type\":\"BuiltInRole\",\"description\":\"Allows
+ read access to resource policies and write access to resource component policy
+ events.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/policyassignments/read\",\"Microsoft.Authorization/policydefinitions/read\",\"Microsoft.Authorization/policysetdefinitions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.PolicyInsights/checkDataPolicyCompliance/action\",\"Microsoft.PolicyInsights/policyEvents/logDataEvents/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-09-19T19:35:20.9504127Z\",\"updatedOn\":\"2019-09-19T19:37:02.5331596Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"66bb4e9e-b016-4a94-8249-4c0511c2be84\"},{\"properties\":{\"roleName\":\"SignalR
+ AccessKey Reader\",\"type\":\"BuiltInRole\",\"description\":\"Read SignalR
+ Service Access Keys\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SignalRService/*/read\",\"Microsoft.SignalRService/SignalR/listkeys/action\",\"Microsoft.Authorization/*/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-09-20T09:33:19.6236874Z\",\"updatedOn\":\"2019-09-20T09:33:19.6236874Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"04165923-9d83-45d5-8227-78b77b0a687e\"},{\"properties\":{\"roleName\":\"SignalR
+ Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Create, Read, Update,
+ and Delete SignalR service resources\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SignalRService/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-09-20T09:58:09.0009662Z\",\"updatedOn\":\"2019-09-20T09:58:09.0009662Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\"},{\"properties\":{\"roleName\":\"Azure
+ Connected Machine Onboarding\",\"type\":\"BuiltInRole\",\"description\":\"Can
+ onboard Azure Connected Machines.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/read\",\"Microsoft.HybridCompute/machines/write\",\"Microsoft.GuestConfiguration/guestConfigurationAssignments/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-10-23T20:15:07.1372870Z\",\"updatedOn\":\"2019-11-03T18:26:59.2060282Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"b64e21ea-ac4e-4cdf-9dc9-5b892992bee7\"},{\"properties\":{\"roleName\":\"Azure
+ Connected Machine Resource Administrator\",\"type\":\"BuiltInRole\",\"description\":\"Can
+ read, write, delete and re-onboard Azure Connected Machines.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/read\",\"Microsoft.HybridCompute/machines/write\",\"Microsoft.HybridCompute/machines/delete\",\"Microsoft.HybridCompute/machines/reconnect/action\",\"Microsoft.HybridCompute/*/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-10-23T20:24:59.1474607Z\",\"updatedOn\":\"2019-10-24T18:57:01.0320416Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"cd570a14-e51a-42ad-bac8-bafd67325302\"},{\"properties\":{\"roleName\":\"Managed
+ Services Registration assignment Delete Role\",\"type\":\"BuiltInRole\",\"description\":\"Managed
+ Services Registration Assignment Delete Role allows the managing tenant users
+ to delete the registration assignment assigned to their tenant.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ManagedServices/registrationAssignments/read\",\"Microsoft.ManagedServices/registrationAssignments/delete\",\"Microsoft.ManagedServices/operationStatuses/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-10-23T22:33:33.1183469Z\",\"updatedOn\":\"2019-10-24T21:49:09.3875276Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"91c1777a-f3dc-4fae-b103-61d183457e46\"},{\"properties\":{\"roleName\":\"App
+ Configuration Data Owner\",\"type\":\"BuiltInRole\",\"description\":\"Allows
+ full access to App Configuration data.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.AppConfiguration/configurationStores/*/read\",\"Microsoft.AppConfiguration/configurationStores/*/write\",\"Microsoft.AppConfiguration/configurationStores/*/delete\"],\"notDataActions\":[]}],\"createdOn\":\"2019-10-25T18:41:40.1185063Z\",\"updatedOn\":\"2019-10-25T18:41:40.1185063Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b\"},{\"properties\":{\"roleName\":\"App
+ Configuration Data Reader\",\"type\":\"BuiltInRole\",\"description\":\"Allows
+ read access to App Configuration data.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.AppConfiguration/configurationStores/*/read\"],\"notDataActions\":[]}],\"createdOn\":\"2019-10-25T18:45:33.7975332Z\",\"updatedOn\":\"2019-10-25T18:45:33.7975332Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"516239f1-63e1-4d78-a4de-a74fb236a071\"},{\"properties\":{\"roleName\":\"Kubernetes
+ Cluster - Azure Arc Onborading Role\",\"type\":\"BuiltInRole\",\"description\":\"Role
+ definition to authorize any user/service to create connectedClusters resource\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/write\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Kubernetes/connectedClusters/Write\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-11-18T17:00:02.2087147Z\",\"updatedOn\":\"2019-11-18T17:00:02.2087147Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"34e09817-6cbe-4d01-b1a2-e0eac5743d41\"},{\"properties\":{\"roleName\":\"MLC
+ Service Role\",\"type\":\"BuiltInRole\",\"description\":\"This role defines
+ permissions for control plane actions by the Machine Learning Compute (MLC)
+ service.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Resources/deployments/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-11-25T21:22:50.7173949Z\",\"updatedOn\":\"2019-11-25T23:28:52.8743615Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/0b072326-6884-49b7-a53d-ae6aa62260ff\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"0b072326-6884-49b7-a53d-ae6aa62260ff\"}]}"
headers:
cache-control:
- no-cache
content-length:
- - '156638'
+ - '168871'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:17 GMT
+ - Fri, 06 Dec 2019 21:51:16 GMT
expires:
- '-1'
pragma:
@@ -1687,7 +1440,7 @@ interactions:
code: 200
message: OK
- request:
- body: '{"objectIds": ["0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"], "includeDirectoryObjectReferences":
+ body: '{"objectIds": ["dd1f4229-1d63-4f21-a902-d80d5c791f70"], "includeDirectoryObjectReferences":
true}'
headers:
Accept:
@@ -1705,40 +1458,41 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-graphrbac/0.60.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/getObjectsByObjectIds?api-version=1.6
response:
body:
- string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.ServicePrincipal","objectType":"ServicePrincipal","objectId":"0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1","deletionTimestamp":null,"accountEnabled":true,"addIns":[],"alternativeNames":["isExplicit=False","/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002"],"appDisplayName":null,"appId":"17e9cfb1-9eb5-4126-afe8-47e7ee11d6d1","applicationTemplateId":null,"appOwnerTenantId":null,"appRoleAssignmentRequired":false,"appRoles":[],"displayName":"azurecli-test-policy-assignment000002","errorUrl":null,"homepage":null,"informationalUrls":null,"keyCredentials":[{"customKeyIdentifier":"6693C804A6068E57F617F508FA9F4501689D57A1","endDate":"2019-12-10T21:53:00Z","keyId":"1205ca76-459f-470b-8cb3-ad91bbd0b727","startDate":"2019-09-11T21:53:00Z","type":"AsymmetricX509Cert","usage":"Verify","value":null}],"logoutUrl":null,"notificationEmailAddresses":[],"oauth2Permissions":[],"passwordCredentials":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyEndDateTime":null,"preferredTokenSigningKeyThumbprint":null,"publisherName":null,"replyUrls":[],"samlMetadataUrl":null,"samlSingleSignOnSettings":null,"servicePrincipalNames":["17e9cfb1-9eb5-4126-afe8-47e7ee11d6d1","https://identity.azure.net/hdTR2quXHmmHmDRawBaqdgEmb7TKc8OivfuQKDLn/Tw="],"servicePrincipalType":"ManagedIdentity","signInAudience":null,"tags":[],"tokenEncryptionKeyId":null}]}'
+ string: '{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
+ privileges to complete the operation."},"requestId":"a5c20e8d-15c7-4a1a-b128-6c2afc529116","date":"2019-12-06T21:51:17"}}'
headers:
access-control-allow-origin:
- '*'
cache-control:
- no-cache
content-length:
- - '1690'
+ - '219'
content-type:
- application/json; odata=minimalmetadata; streaming=true; charset=utf-8
dataserviceversion:
- 3.0;
date:
- - Wed, 11 Sep 2019 21:59:20 GMT
+ - Fri, 06 Dec 2019 21:51:17 GMT
duration:
- - '1615157'
+ - '1261877'
expires:
- '-1'
ocp-aad-diagnostics-server-name:
- - BaUpzbcpe8CsfbLiSVe623GjwTzlV5c+gfKgkBtBCJY=
+ - ugNwVUhy/uil8Pg9hUjbVUCmwvlEB5WBlRSXf9K7vo0=
ocp-aad-session-key:
- - d7WYmwV7P5CiD-3zl9NWQoonPcM52BuIrkvQDiEr3h0u-FxnbpwYYM_JN9ua7nZNwSM7ZL7hgEgxiJckBoMVXo8RyRfavFsT3YPxUd-xkNLmI-KqMQrWKCT7i89Ku9Mr.qfr9FcoPWObotEk2URxYKRlVdPEibIlCggk7B51r2M8
+ - GFI5ZzVPBmn40-kBkXIo7yZHMkLnUo1DOpgYYtrelYihmnT6RSrrdIUbuPJuJUVRAxlbMqzO_WainQQs_GQSQxr3owtaFMcFxo816RNJgZN6h0MXMzacrGgwqYG7ZNOs.aoYCV88ejh3zANUSdSOKBcwYTZJevfAxDvFNQe-d0sY
pragma:
- no-cache
request-id:
- - ffebffdb-4ef8-44ed-a392-5bfc6beda067
+ - a5c20e8d-15c7-4a1a-b128-6c2afc529116
strict-transport-security:
- max-age=31536000; includeSubDomains
x-aspnet-version:
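Review bot: The re-recorded `ocp-aad-session-key` and `ocp-aad-diagnostics-server-name` response headers are committed verbatim in this hunk, although the same cassette replaces the subscription id with zeros. The diff does not show whether the session key has any use outside the recorded exchange, so the safer default is to treat it like the other scrubbed identifiers. Either drop both headers in the recording filter or store a constructed placeholder such as `- REDACTED`. The old side carried the same headers, so this is not new, but every re-record adds a fresh value to the repository history.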
@@ -1748,8 +1502,8 @@ interactions:
x-powered-by:
- ASP.NET
status:
- code: 200
- message: OK
+ code: 403
+ message: Forbidden
- request:
body: null
headers:
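Review bot: The recorded status for the Graph `getObjectsByObjectIds` call changes from 200 to `code: 403` / `message: Forbidden` here, and the body in the preceding hunk is now `Authorization_RequestDenied` instead of the ServicePrincipal object. That suggests the cassette was re-recorded with an identity that cannot read the directory. Under playback the test no longer sees a resolved principal for the policy assignment's managed identity, so the code consuming that lookup is only exercised on its failure branch; how the CLI handles the denial is not visible in this diff. I would either re-record with an account that has directory read permission, or state the expectation next to the test, for example `# Graph lookup is denied in this recording; principal type resolution is not covered`.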
@@ -1764,15 +1518,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:58:35.4596324Z"},"enforcementMode":"Default"},"identity":{"principalId":"0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:50:58.4925025Z"},"enforcementMode":"Default"},"identity":{"principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -1781,7 +1535,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:20 GMT
+ - Fri, 06 Dec 2019 21:51:18 GMT
expires:
- '-1'
pragma:
@@ -1800,9 +1554,9 @@ interactions:
- request:
body: 'b''{"properties": {"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001",
- "metadata": {"createdBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739", "createdOn":
- "2019-09-11T21:58:24.3085051Z", "updatedBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739",
- "updatedOn": "2019-09-11T21:58:35.4596324Z"}, "enforcementMode": "Default"},
+ "metadata": {"createdBy": "7140c269-e408-47a5-a626-a1d836b96883", "createdOn":
+ "2019-12-06T21:50:43.6673632Z", "updatedBy": "7140c269-e408-47a5-a626-a1d836b96883",
+ "updatedOn": "2019-12-06T21:50:58.4925025Z"}, "enforcementMode": "Default"},
"sku": {"name": "A0", "tier": "Free"}, "location": "westus", "identity": {"type":
"None"}}'''
headers:
@@ -1821,15 +1575,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:59:21.9541375Z"},"enforcementMode":"Default"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:20.5750066Z"},"enforcementMode":"Default"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -1838,7 +1592,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:22 GMT
+ - Fri, 06 Dec 2019 21:51:20 GMT
expires:
- '-1'
pragma:
@@ -1866,15 +1620,15 @@ interactions:
ParameterSetName:
- -n -g --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:59:21.9541375Z"},"enforcementMode":"Default"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:20.5750066Z"},"enforcementMode":"Default"},"identity":{"type":"None"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -1883,7 +1637,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:22 GMT
+ - Fri, 06 Dec 2019 21:51:20 GMT
expires:
- '-1'
pragma:
@@ -1902,9 +1656,9 @@ interactions:
- request:
body: 'b''{"properties": {"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001",
- "metadata": {"createdBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739", "createdOn":
- "2019-09-11T21:58:24.3085051Z", "updatedBy": "327c26bf-bf3e-4128-9b75-fbbd99e98739",
- "updatedOn": "2019-09-11T21:59:21.9541375Z"}, "enforcementMode": "Default"},
+ "metadata": {"createdBy": "7140c269-e408-47a5-a626-a1d836b96883", "createdOn":
+ "2019-12-06T21:50:43.6673632Z", "updatedBy": "7140c269-e408-47a5-a626-a1d836b96883",
+ "updatedOn": "2019-12-06T21:51:20.5750066Z"}, "enforcementMode": "Default"},
"sku": {"name": "A0", "tier": "Free"}, "location": "westus", "identity": {"type":
"SystemAssigned"}}'''
headers:
@@ -1923,15 +1677,15 @@ interactions:
ParameterSetName:
- -n -g --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:59:25.2486151Z"},"enforcementMode":"Default"},"identity":{"principalId":"318faf44-e0f4-4cb4-bb4f-484308844dd6","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:23.3174033Z"},"enforcementMode":"Default"},"identity":{"principalId":"2c2edb87-ecd2-4864-9b2b-1762008042c0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
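Review bot: The re-recorded response `string:` in this hunk still carries a directory `tenantId`, the managed identity's `principalId` and the recording account's object id in `createdBy`/`updatedBy`, while the subscription id in the same body is replaced with zeros. If these identifiers are meant to be scrubbed like the subscription id, the recording sanitizer should map them to fixed placeholders of the same length, e.g. `"tenantId":"00000000-0000-0000-0000-000000000000"`, so the recorded `Content-Length` values remain valid. The `principalId` replacement has to be applied consistently, because the later role-assignment request bodies and the `PrincipalNotFound` messages in this cassette repeat it, once without dashes. The same fields appear in the other re-recorded hunks of this file; the interaction entry itself begins before this hunk.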
@@ -1940,7 +1694,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:25 GMT
+ - Fri, 06 Dec 2019 21:51:23 GMT
expires:
- '-1'
pragma:
@@ -1968,8 +1722,8 @@ interactions:
ParameterSetName:
- -n -g --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -1986,13 +1740,13 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:25 GMT
+ - Fri, 06 Dec 2019 21:51:24 GMT
expires:
- '-1'
pragma:
- no-cache
set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
+ - x-ms-gateway-slice=Production; path=/; SameSite=None; secure; HttpOnly
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
@@ -2008,60 +1762,7 @@ interactions:
message: OK
- request:
body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "318faf44-e0f4-4cb4-bb4f-484308844dd6"}}'
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy assignment identity assign
- Connection:
- - keep-alive
- Content-Length:
- - '233'
- Content-Type:
- - application/json; charset=utf-8
- ParameterSetName:
- - -n -g --identity-scope --role
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002?api-version=2018-09-01-preview
- response:
- body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 318faf44e0f44cb4bb4f484308844dd6
- does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '163'
- content-type:
- - application/json; charset=utf-8
- date:
- - Wed, 11 Sep 2019 21:59:25 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
- status:
- code: 400
- message: Bad Request
-- request:
- body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "318faf44-e0f4-4cb4-bb4f-484308844dd6"}}'
+ "principalId": "2c2edb87-ecd2-4864-9b2b-1762008042c0"}}'
headers:
Accept:
- application/json
@@ -2075,20 +1776,18 @@ interactions:
- '233'
Content-Type:
- application/json; charset=utf-8
- Cookie:
- - x-ms-gateway-slice=Production
ParameterSetName:
- -n -g --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002?api-version=2018-09-01-preview
response:
body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 318faf44e0f44cb4bb4f484308844dd6
+ string: '{"error":{"code":"PrincipalNotFound","message":"Principal 2c2edb87ecd248649b2b1762008042c0
does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
headers:
cache-control:
@@ -2098,13 +1797,13 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:32 GMT
+ - Fri, 06 Dec 2019 21:51:25 GMT
expires:
- '-1'
pragma:
- no-cache
set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
+ - x-ms-gateway-slice=Production; path=/; SameSite=None; secure; HttpOnly
strict-transport-security:
- max-age=31536000; includeSubDomains
x-content-type-options:
@@ -2116,7 +1815,7 @@ interactions:
message: Bad Request
- request:
body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "318faf44-e0f4-4cb4-bb4f-484308844dd6"}}'
+ "principalId": "2c2edb87-ecd2-4864-9b2b-1762008042c0"}}'
headers:
Accept:
- application/json
@@ -2135,15 +1834,15 @@ interactions:
ParameterSetName:
- -n -g --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002?api-version=2018-09-01-preview
response:
body:
- string: '{"error":{"code":"PrincipalNotFound","message":"Principal 318faf44e0f44cb4bb4f484308844dd6
+ string: '{"error":{"code":"PrincipalNotFound","message":"Principal 2c2edb87ecd248649b2b1762008042c0
does not exist in the directory 72f988bf-86f1-41af-91ab-2d7cd011db47."}}'
headers:
cache-control:
@@ -2153,7 +1852,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:37 GMT
+ - Fri, 06 Dec 2019 21:51:32 GMT
expires:
- '-1'
pragma:
@@ -2171,7 +1870,7 @@ interactions:
message: Bad Request
- request:
body: '{"properties": {"roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
- "principalId": "318faf44-e0f4-4cb4-bb4f-484308844dd6"}}'
+ "principalId": "2c2edb87-ecd2-4864-9b2b-1762008042c0"}}'
headers:
Accept:
- application/json
@@ -2190,15 +1889,15 @@ interactions:
ParameterSetName:
- -n -g --identity-scope --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002?api-version=2018-09-01-preview
response:
body:
- string: '{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"318faf44-e0f4-4cb4-bb4f-484308844dd6","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-09-11T21:59:43.2878570Z","updatedOn":"2019-09-11T21:59:43.2878570Z","createdBy":null,"updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000002"}'
+ string: '{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"2c2edb87-ecd2-4864-9b2b-1762008042c0","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-12-06T21:51:38.0562935Z","updatedOn":"2019-12-06T21:51:38.0562935Z","createdBy":null,"updatedBy":"7140c269-e408-47a5-a626-a1d836b96883"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000002"}'
headers:
cache-control:
- no-cache
@@ -2207,7 +1906,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:44 GMT
+ - Fri, 06 Dec 2019 21:51:39 GMT
expires:
- '-1'
pragma:
@@ -2221,7 +1920,7 @@ interactions:
x-ms-ratelimit-remaining-subscription-writes:
- '1199'
x-ms-request-charge:
- - '1'
+ - '2'
status:
code: 201
message: Created
@@ -2239,30 +1938,30 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments?$filter=atScope%28%29&api-version=2018-09-01-preview
response:
body:
- string: '{"value":[{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-09-11T21:59:16.1586348Z","updatedOn":"2019-09-11T21:59:16.1586348Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000001"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"318faf44-e0f4-4cb4-bb4f-484308844dd6","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-09-11T21:59:44.1288441Z","updatedOn":"2019-09-11T21:59:44.1288441Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000002"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","principalType":"ServicePrincipal","scope":"/subscripti
ons/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:39:09.5294379Z","updatedOn":"2019-08-05T23:39:09.5294379Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a1113818e","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a1113818e"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","principalId":"64f2ce47-849a-4587-afb3-3dc011037096","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:38:51.8741350Z","updatedOn":"2019-08-05T23:38:51.8741350Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a11138188","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a11138188"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-27T17:20:38.1844619Z","updatedOn":"2019-08-27T17:20:38.1844619Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/29044f17-dbcd-4ff8-9508-9e76dd7d7eed","type":"Microsoft.Authorization/roleAssignments","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7eed"},{"properties":{
"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab","principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:39:09.5906916Z","updatedOn":"2019-08-05T23:39:09.5906916Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a1113818f","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a1113818f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab","principalId":"64f2ce47-849a-4587-afb3-3dc011037096","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-05T23:38:51.8708446Z","updatedOn":"2019-08-05T23:38:51.8708446Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fcbe1eaa-0ebd-47fa-be94-9f7a11138189","type":"Microsoft.Authorization/roleAssignments","name":"fcbe1eaa-0ebd-47fa-be94-9f7a11138189"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab","principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-27T17:20:38.1794616Z","updatedOn":"2019-08-27T17:20:38.1794616Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd
99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/29044f17-dbcd-4ff8-9508-9e76dd7d7eee","type":"Microsoft.Authorization/roleAssignments","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7eee"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05","principalId":"5289bf2b-79f3-4c31-8d60-db42c3fd002a","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-01-10T21:47:58.8457396Z","updatedOn":"2019-01-10T21:47:58.8457396Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/1f9763ab-2fc2-4bb3-840f-69f3e5e1695c","type":"Microsoft.Authorization/roleAssignments","name":"1f9763ab-2fc2-4bb3-840f-69f3e5e1695c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"327c26bf-bf3e-4128-9b75-fbbd99e98739","principalType":"User","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-09-06T22:27:35.0610579Z","updatedOn":"2019-09-06T22:27:35.0610579Z","createdBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef","updatedBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/80f18826-a049-4362-88d8-ac8dd359c32f","type":"Microsoft.Authorization/roleAssignments","name":"80f18826-a049-4362-88d8-ac8dd359c32f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"904fca91-c07a-4528-ac9c-e9496c36d9ef","principalType":"Se
rvicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-06-01T00:34:11.9538518Z","updatedOn":"2019-06-01T00:34:11.9538518Z","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/579d88be-96cb-4410-8a58-8e335e43c59c","type":"Microsoft.Authorization/roleAssignments","name":"579d88be-96cb-4410-8a58-8e335e43c59c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","principalType":"User","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2018-04-04T19:51:52.6581071Z","updatedOn":"2018-04-04T19:51:52.6581071Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/6cd3d2cb-7065-4e32-9e3b-826797d0c09a","type":"Microsoft.Authorization/roleAssignments","name":"6cd3d2cb-7065-4e32-9e3b-826797d0c09a"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"5c617d2b-99f8-4c90-98fe-dfe040fa33c1","principalType":"ServicePrincipal","scope":"/","createdOn":"2018-02-27T19:19:50.2663941Z","updatedOn":"2018-02-27T19:19:50.2663941Z","createdBy":null,"updatedBy":null},"id":"/providers/Microsoft.Authorization/roleAssignments/3e883d24-b106-42ff-ad13-d7bf271b964d","type":"Microsoft.Authorization/roleAssignments","name":"3e883d24-b106-42ff-ad13-d7bf271b964d"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c
-2fe8c4bcb635","principalId":"0dc80135-ae53-4da3-8695-220a2d93aad8","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-09-10T17:13:24.7776684Z","updatedOn":"2018-09-10T17:13:24.7776684Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/273e1317-f5a2-469f-ae30-79ae57cd22ec","type":"Microsoft.Authorization/roleAssignments","name":"273e1317-f5a2-469f-ae30-79ae57cd22ec"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"327c26bf-bf3e-4128-9b75-fbbd99e98739","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-01-10T22:02:45.1345439Z","updatedOn":"2019-01-10T22:02:45.1345439Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/75ee36e5-f1d4-4bc7-859d-c7c2afad0117","type":"Microsoft.Authorization/roleAssignments","name":"75ee36e5-f1d4-4bc7-859d-c7c2afad0117"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"36e2f355-d2e2-4fbc-88ab-4281639dff94","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-08-05T22:34:29.0414452Z","updatedOn":"2019-08-05T22:34:29.0414452Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignme
nts/ba87531b-7c7c-4aec-b5d8-2793653616f1","type":"Microsoft.Authorization/roleAssignments","name":"ba87531b-7c7c-4aec-b5d8-2793653616f1"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-12-04T20:58:25.1746132Z","updatedOn":"2018-12-04T20:58:25.1746132Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/49ba2f4a-3b4e-4145-b1d9-302ec841dfff","type":"Microsoft.Authorization/roleAssignments","name":"49ba2f4a-3b4e-4145-b1d9-302ec841dfff"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"141fb5c0-e620-44a7-b52a-98ead875e310","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-06-05T21:48:08.9580161Z","updatedOn":"2019-06-05T21:48:08.9580161Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/0950a63d-4756-49d3-8b06-fa95427ba8ab","type":"Microsoft.Authorization/roleAssignments","name":"0950a63d-4756-49d3-8b06-fa95427ba8ab"}]}'
+ string: '{"value":[{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"2c2edb87-ecd2-4864-9b2b-1762008042c0","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-12-06T21:51:39.1804746Z","updatedOn":"2019-12-06T21:51:39.1804746Z","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000002","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000002"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"dd1f4229-1d63-4f21-a902-d80d5c791f70","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","createdOn":"2019-12-06T21:51:13.7524750Z","updatedOn":"2019-12-06T21:51:13.7524750Z","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/roleAssignments/88888888-0000-0000-0000-000000000001","type":"Microsoft.Authorization/roleAssignments","name":"88888888-0000-0000-0000-000000000001"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"36e2f355-d2e2-4fbc-88ab-4281639dff94","principalType":"User","scope":"/subscriptions/00000000
-0000-0000-0000-000000000000","createdOn":"2019-12-02T17:28:19.2649309Z","updatedOn":"2019-12-02T17:28:19.2649309Z","createdBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef","updatedBy":"904fca91-c07a-4528-ac9c-e9496c36d9ef"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/5e5b1036-a57c-4e6a-8aa2-3056bfe0570a","type":"Microsoft.Authorization/roleAssignments","name":"5e5b1036-a57c-4e6a-8aa2-3056bfe0570a"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"7140c269-e408-47a5-a626-a1d836b96883","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T00:21:36.3928810Z","updatedOn":"2019-11-21T00:21:36.3928810Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/e931be27-8f07-47bf-b997-5c6a5733d832","type":"Microsoft.Authorization/roleAssignments","name":"e931be27-8f07-47bf-b997-5c6a5733d832"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"904fca91-c07a-4528-ac9c-e9496c36d9ef","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-05-31T23:18:13.9633903Z","updatedOn":"2019-05-31T23:18:13.9633903Z","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/d93a6a84-ba15-406d-829f-c0b89e6d18fb","type":"Microsoft.Authorization/roleAssignments","name":"d93a6a84-ba15-406d-829f-c0b89e6d18fb"},{"properties":{"roleDefinit
ionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"251ceddb-6696-442f-85ba-392108eab6cd","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-12T00:00:26.7456674Z","updatedOn":"2019-11-12T00:00:26.7456674Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/0473b15a-2a1d-49d7-9782-7ab696b0c35c","type":"Microsoft.Authorization/roleAssignments","name":"0473b15a-2a1d-49d7-9782-7ab696b0c35c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"32b46ca4-3db8-43dc-9203-30391ed9221e","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-08-06T13:59:51.7599283Z","updatedOn":"2019-08-06T13:59:51.7599283Z","createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/184bb79b-51fa-4e2e-a8f0-4063df1c91bc","type":"Microsoft.Authorization/roleAssignments","name":"184bb79b-51fa-4e2e-a8f0-4063df1c91bc"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"3963de89-a6e2-4dbf-914b-0fa406a93acc","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T19:51:33.3764874Z","updatedOn":"2019-11-20T19:51:33.3764874Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"
id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/ddbad8cb-6331-43ca-9b13-99b4d1defa45","type":"Microsoft.Authorization/roleAssignments","name":"ddbad8cb-6331-43ca-9b13-99b4d1defa45"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-11T22:00:43.0105980Z","updatedOn":"2019-11-11T22:00:43.0105980Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/293789eb-75c2-4d3e-aabb-9dd1c3235365","type":"Microsoft.Authorization/roleAssignments","name":"293789eb-75c2-4d3e-aabb-9dd1c3235365"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"52018bb5-d55b-4981-9e28-6561993b891f","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T22:21:37.9215384Z","updatedOn":"2019-11-20T22:21:37.9215384Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/1692db3e-f6ef-4956-a7f8-7a26bcc8e6ce","type":"Microsoft.Authorization/roleAssignments","name":"1692db3e-f6ef-4956-a7f8-7a26bcc8e6ce"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"647f8596-2369-4988-a444-5ef7ed0bdc08","principalType":"Se
rvicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-10-31T21:26:49.4889195Z","updatedOn":"2019-10-31T21:26:49.4889195Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/c2111c6c-e625-42b8-971b-ea4b80c8b0cb","type":"Microsoft.Authorization/roleAssignments","name":"c2111c6c-e625-42b8-971b-ea4b80c8b0cb"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"670a0604-32d9-44a5-b18e-afc95e4c3b42","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:57:24.2053253Z","updatedOn":"2019-11-05T18:57:24.2053253Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6db","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6db"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"6b4fa280-ebc5-4491-92d6-a993f22d3832","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:56:31.7536098Z","updatedOn":"2019-11-05T18:56:31.7536098Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6d5","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc
-ae46-ab874c69a6d5"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"6ce407d2-3f01-403e-8bb9-a4d8ff959e87","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-11T21:59:58.4957035Z","updatedOn":"2019-11-11T21:59:58.4957035Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/293789eb-75c2-4d3e-aabb-9dd1c3235360","type":"Microsoft.Authorization/roleAssignments","name":"293789eb-75c2-4d3e-aabb-9dd1c3235360"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"6f579e8c-443d-4932-8fa7-00a888a6e4b4","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T19:48:24.6596159Z","updatedOn":"2019-11-20T19:48:24.6596159Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/ddbad8cb-6331-43ca-9b13-99b4d1def372","type":"Microsoft.Authorization/roleAssignments","name":"ddbad8cb-6331-43ca-9b13-99b4d1def372"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"81c20a45-4f13-45f0-9ced-b2daedac5636","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:54:02.6500420Z","updatedOn":"2019-11-05T18:54:02.6500420Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","upda
tedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a36f","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a36f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"827038e7-cb6c-4fec-b6ac-ba21fed2eadb","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-06T17:58:06.5153444Z","updatedOn":"2019-11-06T17:58:06.5153444Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/fc2ff254-b71f-4fbf-8595-af076c8e36c6","type":"Microsoft.Authorization/roleAssignments","name":"fc2ff254-b71f-4fbf-8595-af076c8e36c6"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T00:29:10.5484201Z","updatedOn":"2019-11-21T00:29:10.5484201Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/270f0d11-af30-4c15-95f7-28ba884518f5","type":"Microsoft.Authorization/roleAssignments","name":"270f0d11-af30-4c15-95f7-28ba884518f5"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"91331681-
b5c9-4ce9-b968-82ad444690b3","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:57:46.2302487Z","updatedOn":"2019-11-05T18:57:46.2302487Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6e0","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6e0"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"9e949436-a38a-4cde-8e15-4304073650fb","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T19:03:21.0923852Z","updatedOn":"2019-11-05T19:03:21.0923852Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69aa4f","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69aa4f"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-06T23:26:57.7873622Z","updatedOn":"2019-11-06T23:26:57.7873622Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/21c95410-09fb-4c9d-a65d-b0371b932401","type":"Microsoft.Authoriza
tion/roleAssignments","name":"21c95410-09fb-4c9d-a65d-b0371b932401"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"a612b2da-d891-48bd-94d3-2f15ca98b89f","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:58:22.9185374Z","updatedOn":"2019-11-05T18:58:22.9185374Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69aa41","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69aa41"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"bb4e9cd1-f508-4784-a374-4e9e46c83140","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:52:33.8624038Z","updatedOn":"2019-11-05T18:52:33.8624038Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a008","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a008"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-20T22:11:27.9133892Z","updatedOn":"2019-11-20T22:11:27.9133892Z","created
By":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/b7e76e4f-2095-46c4-858b-8fcf80d52c7c","type":"Microsoft.Authorization/roleAssignments","name":"b7e76e4f-2095-46c4-858b-8fcf80d52c7c"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"dd40a1fa-e606-4f59-99e4-d21f640b5522","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T19:01:34.1126842Z","updatedOn":"2019-11-05T19:01:34.1126842Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69aa47","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69aa47"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"ee6af347-6b68-404f-bde1-7c76c2d8dca0","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-12T00:09:30.4207845Z","updatedOn":"2019-11-12T00:09:30.4207845Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/0473b15a-2a1d-49d7-9782-7ab696b0c6bc","type":"Microsoft.Authorization/roleAssignments","name":"0473b15a-2a1d-49d7-9782-7ab696b0c6bc"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-
42a0-ab88-20f7382dd24c","principalId":"f853f01d-b28c-4004-8bd2-bcc6a55b3480","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-05T18:55:50.5869802Z","updatedOn":"2019-11-05T18:55:50.5869802Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/a102996d-2873-4dfc-ae46-ab874c69a6d0","type":"Microsoft.Authorization/roleAssignments","name":"a102996d-2873-4dfc-ae46-ab874c69a6d0"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"4cf3d5b2-d184-43ae-a61f-89f6bc9296f1","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-12-06T00:27:38.2236171Z","updatedOn":"2019-12-06T00:27:38.2236171Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/b378eacf-348f-4220-ba6d-cebd36da9110","type":"Microsoft.Authorization/roleAssignments","name":"b378eacf-348f-4220-ba6d-cebd36da9110"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"ca0da12b-d6d2-4633-b8af-0841feb68593","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T17:37:49.8080915Z","updatedOn":"2019-11-21T17:37:49.8080915Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/dc1dedcc-746a-40f
3-b421-ab4328682c7b","type":"Microsoft.Authorization/roleAssignments","name":"dc1dedcc-746a-40f3-b421-ab4328682c7b"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-11-21T17:43:54.9564973Z","updatedOn":"2019-11-21T17:43:54.9564973Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/78a38c70-5549-49bd-8a16-fe3619e5d911","type":"Microsoft.Authorization/roleAssignments","name":"78a38c70-5549-49bd-8a16-fe3619e5d911"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","principalType":"ServicePrincipal","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","createdOn":"2019-03-26T00:12:05.3694844Z","updatedOn":"2019-03-26T00:12:05.3694844Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/3863c624-094c-480d-bc42-74970b55e5e6","type":"Microsoft.Authorization/roleAssignments","name":"3863c624-094c-480d-bc42-74970b55e5e6"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7","principalId":"5c617d2b-99f8-4c90-98fe-dfe040fa33c1","principalType":"ServicePrincipal","scope":"/","createdOn":"2018-02-27T19:19:50.2663941Z","updatedOn":"2018-02-27T19:19:50.2663941Z","createdBy
":null,"updatedBy":null},"id":"/providers/Microsoft.Authorization/roleAssignments/3e883d24-b106-42ff-ad13-d7bf271b964d","type":"Microsoft.Authorization/roleAssignments","name":"3e883d24-b106-42ff-ad13-d7bf271b964d"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608","principalId":"7140c269-e408-47a5-a626-a1d836b96883","principalType":"ServicePrincipal","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-21T18:17:31.7147895Z","updatedOn":"2019-11-21T18:17:31.7147895Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/b90658a5-be40-4b19-8e32-113491b98453","type":"Microsoft.Authorization/roleAssignments","name":"b90658a5-be40-4b19-8e32-113491b98453"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"0dc80135-ae53-4da3-8695-220a2d93aad8","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-09-10T17:13:24.7776684Z","updatedOn":"2018-09-10T17:13:24.7776684Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/273e1317-f5a2-469f-ae30-79ae57cd22ec","type":"Microsoft.Authorization/roleAssignments","name":"273e1317-f5a2-469f-ae30-79ae57cd22ec"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","principalTy
pe":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-07T19:18:00.1798469Z","updatedOn":"2019-11-07T19:18:00.1798469Z","createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/3a22899f-d177-45ae-8b8b-119e800a3dc6","type":"Microsoft.Authorization/roleAssignments","name":"3a22899f-d177-45ae-8b8b-119e800a3dc6"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"327c26bf-bf3e-4128-9b75-fbbd99e98739","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-01-10T22:02:45.1345439Z","updatedOn":"2019-01-10T22:02:45.1345439Z","createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/75ee36e5-f1d4-4bc7-859d-c7c2afad0117","type":"Microsoft.Authorization/roleAssignments","name":"75ee36e5-f1d4-4bc7-859d-c7c2afad0117"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"36e2f355-d2e2-4fbc-88ab-4281639dff94","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-08-05T22:34:29.0414452Z","updatedOn":"2019-08-05T22:34:29.0414452Z","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/ba87531b-7c7c-4aec-b5d8-2793653616f1","type":"Microsoft.Authorization/roleAs
signments","name":"ba87531b-7c7c-4aec-b5d8-2793653616f1"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2018-12-04T20:58:25.1746132Z","updatedOn":"2018-12-04T20:58:25.1746132Z","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","updatedBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/49ba2f4a-3b4e-4145-b1d9-302ec841dfff","type":"Microsoft.Authorization/roleAssignments","name":"49ba2f4a-3b4e-4145-b1d9-302ec841dfff"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635","principalId":"b8890a11-51b6-457d-99f0-b36fde28fa4f","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-07T19:18:01.0739364Z","updatedOn":"2019-11-07T19:18:01.0739364Z","createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/dca387fc-991d-421a-9935-1b749061d1fc","type":"Microsoft.Authorization/roleAssignments","name":"dca387fc-991d-421a-9935-1b749061d1fc"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"141fb5c0-e620-44a7-b52a-98ead875e310","principalType":"User","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-06-05T21:48:08.9580161Z","updatedOn":"2019-06-05T21:48:08.9580161Z",
"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/0950a63d-4756-49d3-8b06-fa95427ba8ab","type":"Microsoft.Authorization/roleAssignments","name":"0950a63d-4756-49d3-8b06-fa95427ba8ab"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId":"7140c269-e408-47a5-a626-a1d836b96883","principalType":"ServicePrincipal","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-26T18:32:58.7205502Z","updatedOn":"2019-11-26T18:32:58.7205502Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/5d5f1cc4-e656-4730-ac8b-257e4edf2fa4","type":"Microsoft.Authorization/roleAssignments","name":"5d5f1cc4-e656-4730-ac8b-257e4edf2fa4"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","principalType":"ServicePrincipal","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","createdOn":"2019-11-21T17:44:18.7687874Z","updatedOn":"2019-11-21T17:44:18.7687874Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/78a38c70-5549-49bd-8a16-fe3619e5d918","type":"Microsoft.Authorization/roleAssignments","name":"78a38c70-5549-49bd-8a16-fe3619e5d918"},{"properties":{"roleDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/p
roviders/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395","principalId":"20c50ab7-70da-40c7-806b-937bf59825b3","principalType":"ServicePrincipal","scope":"/providers/microsoft.management/managementgroups/AzGovPerfTest","createdOn":"2019-12-06T00:27:35.0978012Z","updatedOn":"2019-12-06T00:27:35.0978012Z","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94"},"id":"/providers/microsoft.management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/roleAssignments/c973dcac-4ee7-4ee5-ad95-f54de86a0036","type":"Microsoft.Authorization/roleAssignments","name":"c973dcac-4ee7-4ee5-ad95-f54de86a0036"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '13840'
+ - '32860'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:45 GMT
+ - Fri, 06 Dec 2019 21:51:40 GMT
expires:
- '-1'
pragma:
- no-cache
set-cookie:
- - x-ms-gateway-slice=Production; path=/; secure; HttpOnly
+ - x-ms-gateway-slice=Production; path=/; SameSite=None; secure; HttpOnly
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
@@ -2292,8 +1991,8 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -2310,7 +2009,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:45 GMT
+ - Fri, 06 Dec 2019 21:51:40 GMT
expires:
- '-1'
pragma:
@@ -2346,8 +2045,8 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-authorization/0.52.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-authorization/0.52.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -2384,8 +2083,8 @@ interactions:
pull\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/pull/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-10-22T19:01:56.8227182Z\",\"updatedOn\":\"2018-11-13T23:22:03.2302457Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"7f951dda-4ed3-4680-a7ca-43fe172d538d\"},{\"properties\":{\"roleName\":\"AcrImageSigner\",\"type\":\"BuiltInRole\",\"description\":\"acr
image signer\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/sign/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-15T23:23:08.4038322Z\",\"updatedOn\":\"2018-10-29T19:06:24.9004422Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"6cef56e8-d556-48e5-a04f-b8e64114680f\"},{\"properties\":{\"roleName\":\"AcrDelete\",\"type\":\"BuiltInRole\",\"description\":\"acr
delete\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/artifacts/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-03-11T20:19:31.6682804Z\",\"updatedOn\":\"2019-03-11T20:24:38.9845104Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c2f4ef07-c644-48eb-af81-4b1b4947fb11\"},{\"properties\":{\"roleName\":\"AcrQuarantineReader\",\"type\":\"BuiltInRole\",\"description\":\"acr
- quarantine data reader\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantineRead/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:27:39.9596835Z\",\"updatedOn\":\"2018-10-29T19:16:24.3521233Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"cdda3590-29a3-44f6-95f2-9f980659eb04\"},{\"properties\":{\"roleName\":\"AcrQuarantineWriter\",\"type\":\"BuiltInRole\",\"description\":\"acr
- quarantine data writer\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantineRead/read\",\"Microsoft.ContainerRegistry/registries/quarantineWrite/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:26:37.5871820Z\",\"updatedOn\":\"2018-10-29T19:22:29.9285629Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c8d4ff99-41c3-41a8-9f60-21dfdad59608\"},{\"properties\":{\"roleName\":\"API
+ quarantine data reader\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantine/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:27:39.9596835Z\",\"updatedOn\":\"2019-10-22T00:12:39.7020930Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"cdda3590-29a3-44f6-95f2-9f980659eb04\"},{\"properties\":{\"roleName\":\"AcrQuarantineWriter\",\"type\":\"BuiltInRole\",\"description\":\"acr
+ quarantine data writer\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ContainerRegistry/registries/quarantine/read\",\"Microsoft.ContainerRegistry/registries/quarantine/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-16T00:26:37.5871820Z\",\"updatedOn\":\"2019-10-22T00:10:29.8202164Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c8d4ff99-41c3-41a8-9f60-21dfdad59608\"},{\"properties\":{\"roleName\":\"API
Management Service Operator Role\",\"type\":\"BuiltInRole\",\"description\":\"Can
manage service but not the APIs\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ApiManagement/service/*/read\",\"Microsoft.ApiManagement/service/backup/action\",\"Microsoft.ApiManagement/service/delete\",\"Microsoft.ApiManagement/service/managedeployments/action\",\"Microsoft.ApiManagement/service/read\",\"Microsoft.ApiManagement/service/restore/action\",\"Microsoft.ApiManagement/service/updatecertificate/action\",\"Microsoft.ApiManagement/service/updatehostname/action\",\"Microsoft.ApiManagement/service/write\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[\"Microsoft.ApiManagement/service/users/keys/read\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-11-09T00:03:42.1194019Z\",\"updatedOn\":\"2016-11-18T23:56:25.4682649Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"e022efe7-f5ba-4159-bbe4-b44f577e9b61\"},{\"properties\":{\"roleName\":\"API
Management Service Reader Role\",\"type\":\"BuiltInRole\",\"description\":\"Read-only
@@ -2395,7 +2094,7 @@ interactions:
Insights Snapshot Debugger\",\"type\":\"BuiltInRole\",\"description\":\"Gives
user permission to use Application Insights Snapshot Debugger features\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/components/*/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-04-19T21:25:12.3728747Z\",\"updatedOn\":\"2017-04-19T23:34:59.9511581Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"08954f03-6346-4c2e-81c0-ec3a5cfae23b\"},{\"properties\":{\"roleName\":\"Attestation
Reader\",\"type\":\"BuiltInRole\",\"description\":\"Can read the attestation
- provider properties\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-03-25T19:42:59.1576710Z\",\"updatedOn\":\"2019-07-01T17:52:38.9036953Z\",\"createdBy\":null,\"updatedBy\":\"SYSTEM\"},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"fd1bd22b-8476-40bc-a0bc-69b95687b9f3\"},{\"properties\":{\"roleName\":\"Automation
+ provider properties\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-03-25T19:42:59.1576710Z\",\"updatedOn\":\"2019-05-10T17:52:38.9036953Z\",\"createdBy\":null,\"updatedBy\":\"SYSTEM\"},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"fd1bd22b-8476-40bc-a0bc-69b95687b9f3\"},{\"properties\":{\"roleName\":\"Automation
Job Operator\",\"type\":\"BuiltInRole\",\"description\":\"Create and Manage
Jobs using Automation Runbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read\",\"Microsoft.Automation/automationAccounts/jobs/read\",\"Microsoft.Automation/automationAccounts/jobs/resume/action\",\"Microsoft.Automation/automationAccounts/jobs/stop/action\",\"Microsoft.Automation/automationAccounts/jobs/streams/read\",\"Microsoft.Automation/automationAccounts/jobs/suspend/action\",\"Microsoft.Automation/automationAccounts/jobs/write\",\"Microsoft.Automation/automationAccounts/jobs/output/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-04-19T20:52:41.0020018Z\",\"updatedOn\":\"2018-08-14T22:08:48.1147327Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"4fe576fe-1146-4730-92eb-48519fa6bf9f\"},{\"properties\":{\"roleName\":\"Automation
Runbook Operator\",\"type\":\"BuiltInRole\",\"description\":\"Read Runbook
@@ -2474,7 +2173,7 @@ interactions:
Labs User\",\"type\":\"BuiltInRole\",\"description\":\"Lets you connect, start,
restart, and shutdown your virtual machines in your Azure DevTest Labs.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Compute/availabilitySets/read\",\"Microsoft.Compute/virtualMachines/*/read\",\"Microsoft.Compute/virtualMachines/deallocate/action\",\"Microsoft.Compute/virtualMachines/read\",\"Microsoft.Compute/virtualMachines/restart/action\",\"Microsoft.Compute/virtualMachines/start/action\",\"Microsoft.DevTestLab/*/read\",\"Microsoft.DevTestLab/labs/claimAnyVm/action\",\"Microsoft.DevTestLab/labs/createEnvironment/action\",\"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action\",\"Microsoft.DevTestLab/labs/formulas/delete\",\"Microsoft.DevTestLab/labs/formulas/read\",\"Microsoft.DevTestLab/labs/formulas/write\",\"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action\",\"Microsoft.DevTestLab/labs/virtualMachines/claim/action\",\"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action\",\"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action\",\"Microsoft.Network/loadBalancers/backendAddressPools/join/action\",\"Microsoft.Network/loadBalancers/inboundNatRules/join/action\",\"Microsoft.Network/networkInterfaces/*/read\",\"Microsoft.Network/networkInterfaces/join/action\",\"Microsoft.Network/networkInterfaces/read\",\"Microsoft.Network/networkInterfaces/write\",\"Microsoft.Network/publicIPAddresses/*/read\",\"Microsoft.Network/publicIPAddresses/join/action\",\"Microsoft.Network/publicIPAddresses/read\",\"Microsoft.Network/virtualNetworks/subnets/join/action\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Resources/deployments/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/listKeys/action\"],\"notActions\":[\"Microsoft.Compute/virtualMachines/vmSizes/read\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-06-08T21:52:45.0657582Z\",\"updatedOn\":\"2019-05-08T11:27:34.8855476Z\"
,\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"76283e04-6283-4c54-8f91-bcf1374a3c64\"},{\"properties\":{\"roleName\":\"DocumentDB
Account Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
- manage DocumentDB accounts, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-02-02T21:55:09.8806423Z\",\"updatedOn\":\"2019-02-05T21:24:22.5964810Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5bd9cd88-fe45-4216-938b-f97437e15450\"},{\"properties\":{\"roleName\":\"DNS
+ manage DocumentDB accounts, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-02-02T21:55:09.8806423Z\",\"updatedOn\":\"2019-11-21T01:38:32.0948484Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5bd9cd88-fe45-4216-938b-f97437e15450\"},{\"properties\":{\"roleName\":\"DNS
Zone Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you manage
DNS zones and record sets in Azure DNS, but does not let you control who has
access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/dnsZones/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-10-15T23:33:25.9730842Z\",\"updatedOn\":\"2016-05-31T23:13:40.3710365Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"befefa01-2a29-4197-83a8-272ff33ce314\"},{\"properties\":{\"roleName\":\"EventGrid
@@ -2507,9 +2206,9 @@ interactions:
creating and configuring Automation accounts; adding solutions; and configuring
Azure diagnostics on all Azure resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Automation/automationAccounts/*\",\"Microsoft.ClassicCompute/virtualMachines/extensions/*\",\"Microsoft.ClassicStorage/storageAccounts/listKeys/action\",\"Microsoft.Compute/virtualMachines/extensions/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/diagnosticSettings/*\",\"Microsoft.OperationalInsights/*\",\"Microsoft.OperationsManagement/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourcegroups/deployments/*\",\"Microsoft.Storage/storageAccounts/listKeys/action\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-04-25T21:51:45.3174711Z\",\"updatedOn\":\"2018-01-30T18:08:26.6376126Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"92aaf0da-9dab-42b6-94a3-d43ce8d16293\"},{\"properties\":{\"roleName\":\"Logic
App Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you read, enable
- and disable logic app.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*/read\",\"Microsoft.Insights/diagnosticSettings/*/read\",\"Microsoft.Insights/metricDefinitions/*/read\",\"Microsoft.Logic/*/read\",\"Microsoft.Logic/workflows/disable/action\",\"Microsoft.Logic/workflows/enable/action\",\"Microsoft.Logic/workflows/validate/action\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*/read\",\"Microsoft.Web/connections/*/read\",\"Microsoft.Web/customApis/*/read\",\"Microsoft.Web/serverFarms/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2018-01-10T23:14:26.9539724Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\"},{\"properties\":{\"roleName\":\"Logic
+ and disable logic app.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*/read\",\"Microsoft.Insights/metricAlerts/*/read\",\"Microsoft.Insights/diagnosticSettings/*/read\",\"Microsoft.Insights/metricDefinitions/*/read\",\"Microsoft.Logic/*/read\",\"Microsoft.Logic/workflows/disable/action\",\"Microsoft.Logic/workflows/enable/action\",\"Microsoft.Logic/workflows/validate/action\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*/read\",\"Microsoft.Web/connections/*/read\",\"Microsoft.Web/customApis/*/read\",\"Microsoft.Web/serverFarms/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2019-10-15T04:28:56.3265986Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"515c2055-d9d4-4321-b1b9-bd0c9a0f79fe\"},{\"properties\":{\"roleName\":\"Logic
App Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you manage
- logic app, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.ClassicStorage/storageAccounts/listKeys/action\",\"Microsoft.ClassicStorage/storageAccounts/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/diagnosticSettings/*\",\"Microsoft.Insights/logdefinitions/*\",\"Microsoft.Insights/metricDefinitions/*\",\"Microsoft.Logic/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/listkeys/action\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*\",\"Microsoft.Web/connections/*\",\"Microsoft.Web/customApis/*\",\"Microsoft.Web/serverFarms/join/action\",\"Microsoft.Web/serverFarms/read\",\"Microsoft.Web/sites/functions/listSecrets/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2018-01-10T23:11:44.8580600Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"87a39d53-fc1b-424a-814c-f7e04687dc9e\"},{\"properties\":{\"roleName\":\"Managed
+ logic app, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.ClassicStorage/storageAccounts/listKeys/action\",\"Microsoft.ClassicStorage/storageAccounts/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Insights/metricAlerts/*\",\"Microsoft.Insights/diagnosticSettings/*\",\"Microsoft.Insights/logdefinitions/*\",\"Microsoft.Insights/metricDefinitions/*\",\"Microsoft.Logic/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/listkeys/action\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\",\"Microsoft.Web/connectionGateways/*\",\"Microsoft.Web/connections/*\",\"Microsoft.Web/customApis/*\",\"Microsoft.Web/serverFarms/join/action\",\"Microsoft.Web/serverFarms/read\",\"Microsoft.Web/sites/functions/listSecrets/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2016-04-28T21:33:30.4656007Z\",\"updatedOn\":\"2019-10-15T04:31:27.7685427Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"87a39d53-fc1b-424a-814c-f7e04687dc9e\"},{\"properties\":{\"roleName\":\"Managed
Application Operator Role\",\"type\":\"BuiltInRole\",\"description\":\"Lets
you read and perform actions on Managed Application resources\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Solutions/applications/read\",\"Microsoft.Solutions/*/action\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-07-27T00:59:33.7988813Z\",\"updatedOn\":\"2019-02-20T01:09:55.1593079Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c7393b34-138c-406f-901b-d8cf2b17e6ae\"},{\"properties\":{\"roleName\":\"Managed
Applications Reader\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
@@ -2541,9 +2240,8 @@ interactions:
everything but will not let you delete or create a storage account or contained
resource. It will also allow read/write access to all data contained in a
storage account via access to storage account keys.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Storage/storageAccounts/listKeys/action\",\"Microsoft.Storage/storageAccounts/ListAccountSas/action\",\"Microsoft.Storage/storageAccounts/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2018-03-27T23:20:46.1498906Z\",\"updatedOn\":\"2019-04-04T23:41:26.1056261Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"c12c1c16-33a1-487b-954d-41c89c60f349\"},{\"properties\":{\"roleName\":\"Resource
- Policy Contributor (Preview)\",\"type\":\"BuiltInRole\",\"description\":\"(Preview)
- Backfilled users from EA, with rights to create/modify resource policy, create
- support ticket and read resources/hierarchy.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Authorization/policyassignments/*\",\"Microsoft.Authorization/policydefinitions/*\",\"Microsoft.Authorization/policysetdefinitions/*\",\"Microsoft.PolicyInsights/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-08-25T19:08:01.3861639Z\",\"updatedOn\":\"2018-01-30T18:08:27.8272264Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"36243c78-bf99-498c-9df9-86d9f8d28608\"},{\"properties\":{\"roleName\":\"Scheduler
+ Policy Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Users with
+ rights to create/modify resource policy, create support ticket and read resources/hierarchy.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"*/read\",\"Microsoft.Authorization/policyassignments/*\",\"Microsoft.Authorization/policydefinitions/*\",\"Microsoft.Authorization/policysetdefinitions/*\",\"Microsoft.PolicyInsights/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-08-25T19:08:01.3861639Z\",\"updatedOn\":\"2019-11-20T20:26:12.8811365Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"36243c78-bf99-498c-9df9-86d9f8d28608\"},{\"properties\":{\"roleName\":\"Scheduler
Job Collections Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets
you manage Scheduler job collections, but not access to them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Scheduler/jobcollections/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2015-02-02T21:55:09.8806423Z\",\"updatedOn\":\"2019-02-05T20:42:24.8360756Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"188a0f2f-5c9e-469b-ae67-2aa5ce574b94\"},{\"properties\":{\"roleName\":\"Search
Service Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
@@ -2555,7 +2253,7 @@ interactions:
Anchors Account Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets
you manage spatial anchors in your account, but not delete them\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read\",\"Microsoft.MixedReality/SpatialAnchorsAccounts/write\"],\"notDataActions\":[]}],\"createdOn\":\"2018-12-21T17:57:41.1420864Z\",\"updatedOn\":\"2019-02-13T06:13:39.8686435Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827\"},{\"properties\":{\"roleName\":\"Site
Recovery Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
- manage Site Recovery service except vault creation and role assignment\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/virtualNetworks/read\",\"Microsoft.RecoveryServices/locations/allocatedStamp/read\",\"Microsoft.RecoveryServices/locations/allocateStamp/action\",\"Microsoft.RecoveryServices/Vaults/certificates/write\",\"Microsoft.RecoveryServices/Vaults/extendedInformation/*\",\"Microsoft.RecoveryServices/Vaults/read\",\"Microsoft.RecoveryServices/Vaults/refreshContainers/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/*\",\"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*\",\"Microsoft.RecoveryServices/vaults/replicationEvents/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/*\",\"Microsoft.RecoveryServices/vaults/replicationJobs/*\",\"Microsoft.RecoveryServices/vaults/replicationPolicies/*\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*\",\"Microsoft.RecoveryServices/Vaults/storageConfig/*\",\"Microsoft.RecoveryServices/Vaults/tokenInfo/read\",\"Microsoft.RecoveryServices/Vaults/usages/read\",\"Microsoft.RecoveryServices/Vaults/vaultTokens/read\",\"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*\",\"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-05-19T13:46:17.4592776Z\",\"updatedOn\":\"2017-06-29T05:31:19.7240473Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\
"name\":\"6670b86e-a3f7-4917-ac9b-5d6ab1be4567\"},{\"properties\":{\"roleName\":\"Site
+ manage Site Recovery service except vault creation and role assignment\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/virtualNetworks/read\",\"Microsoft.RecoveryServices/locations/allocatedStamp/read\",\"Microsoft.RecoveryServices/locations/allocateStamp/action\",\"Microsoft.RecoveryServices/Vaults/certificates/write\",\"Microsoft.RecoveryServices/Vaults/extendedInformation/*\",\"Microsoft.RecoveryServices/Vaults/read\",\"Microsoft.RecoveryServices/Vaults/refreshContainers/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/*\",\"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*\",\"Microsoft.RecoveryServices/vaults/replicationEvents/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/*\",\"Microsoft.RecoveryServices/vaults/replicationJobs/*\",\"Microsoft.RecoveryServices/vaults/replicationPolicies/*\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*\",\"Microsoft.RecoveryServices/Vaults/storageConfig/*\",\"Microsoft.RecoveryServices/Vaults/tokenInfo/read\",\"Microsoft.RecoveryServices/Vaults/usages/read\",\"Microsoft.RecoveryServices/Vaults/vaultTokens/read\",\"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*\",\"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-05-19T13:46:17.4592776Z\",\"updatedOn\":\"2019-11-07T06:13:49.0760858Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b
-5d6ab1be4567\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"6670b86e-a3f7-4917-ac9b-5d6ab1be4567\"},{\"properties\":{\"roleName\":\"Site
Recovery Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you failover
and failback but not perform other Site Recovery management operations\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Network/virtualNetworks/read\",\"Microsoft.RecoveryServices/locations/allocatedStamp/read\",\"Microsoft.RecoveryServices/locations/allocateStamp/action\",\"Microsoft.RecoveryServices/Vaults/extendedInformation/read\",\"Microsoft.RecoveryServices/Vaults/read\",\"Microsoft.RecoveryServices/Vaults/refreshContainers/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read\",\"Microsoft.RecoveryServices/Vaults/registeredIdentities/read\",\"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read\",\"Microsoft.RecoveryServices/vaults/replicationEvents/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/repl
icationProtectionContainers/replicationProtectedItems/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read\",\"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read\",\"Microsoft.RecoveryServices/vaults/replicationJobs/*\",\"Microsoft.RecoveryServices/vaults/replicationPolicies/read\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit
/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action\",\"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action\",\"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*\",\"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read\",\"Microsoft.RecoveryServices/Vaults/storageConfig/read\",\"Microsoft.RecoveryServices/Vaults/tokenInfo/read\",\"Microsoft.RecoveryServices/Vaults/usages/read\",\"Microsoft.RecoveryServices/Vaults/vaultTokens/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Storage/storageAccounts/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2017-05-19T13:47:50.1341148Z\",\"updatedOn\":\"2019-08-28T12:00:57.4472826Z\",\"createdBy\":null,\"updatedBy\":\"\"},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"494ae006-db33-4328-bf46-533a6560a3ca\"},{\"properties\":{\"roleName\":\"Spatial
Anchors Account Reader\",\"type\":\"BuiltInRole\",\"description\":\"Lets you
@@ -2619,25 +2317,25 @@ interactions:
Event Hubs Data Owner\",\"type\":\"BuiltInRole\",\"description\":\"Allows
for full access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*\"],\"notDataActions\":[]}],\"createdOn\":\"2019-04-16T21:34:29.8656362Z\",\"updatedOn\":\"2019-08-21T22:58:57.7584645Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"f526a384-b230-433a-b45c-95f59c4a2dec\"},{\"properties\":{\"roleName\":\"Attestation
Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Can read write or
- delete the attestation provider instance\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\",\"Microsoft.Attestation/attestationProviders/attestation/write\",\"Microsoft.Attestation/attestationProviders/attestation/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-19T00:24:09.3354177Z\",\"updatedOn\":\"2019-07-01T17:59:06.3448436Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\"},{\"properties\":{\"roleName\":\"HDInsight
+ delete the attestation provider instance\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Attestation/attestationProviders/attestation/read\",\"Microsoft.Attestation/attestationProviders/attestation/write\",\"Microsoft.Attestation/attestationProviders/attestation/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-19T00:24:09.3354177Z\",\"updatedOn\":\"2019-05-10T17:59:06.3448436Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"bbf86eb8-f7b4-4cce-96e4-18cddf81d86e\"},{\"properties\":{\"roleName\":\"HDInsight
Cluster Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you read
and modify HDInsight cluster configurations.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HDInsight/*/read\",\"Microsoft.HDInsight/clusters/getGatewaySettings/action\",\"Microsoft.HDInsight/clusters/updateGatewaySettings/action\",\"Microsoft.HDInsight/clusters/configurations/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/operations/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-20T00:03:01.7110732Z\",\"updatedOn\":\"2019-04-28T02:34:17.4679314Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"61ed4efc-fab3-44fd-b111-e24485cc132a\"},{\"properties\":{\"roleName\":\"Cosmos
DB Operator\",\"type\":\"BuiltInRole\",\"description\":\"Lets you manage Azure
Cosmos DB accounts, but not access data in them. Prevents access to account
- keys and connection strings.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[\"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*\",\"Microsoft.DocumentDB/databaseAccounts/listKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-26T17:01:17.0169383Z\",\"updatedOn\":\"2019-04-26T19:26:46.6326968Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"230815da-be43-4aae-9cb4-875f7bd000aa\"},{\"properties\":{\"roleName\":\"Hybrid
+ keys and connection strings.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.DocumentDb/databaseAccounts/*\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.ResourceHealth/availabilityStatuses/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\",\"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action\"],\"notActions\":[\"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*\",\"Microsoft.DocumentDB/databaseAccounts/listKeys/*\",\"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*\"],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-26T17:01:17.0169383Z\",\"updatedOn\":\"2019-11-21T01:34:13.3746345Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"230815da-be43-4aae-9cb4-875f7bd000aa\"},{\"properties\":{\"roleName\":\"Hybrid
Server Resource Administrator\",\"type\":\"BuiltInRole\",\"description\":\"Can
read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource
Provider.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/*\",\"Microsoft.HybridCompute/*/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-29T21:39:32.3132923Z\",\"updatedOn\":\"2019-05-06T20:08:25.3180258Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"48b40c6e-82e0-4eb3-90d5-19e40f49b624\"},{\"properties\":{\"roleName\":\"Hybrid
Server Onboarding\",\"type\":\"BuiltInRole\",\"description\":\"Can onboard
new Hybrid servers to the Hybrid Resource Provider.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/read\",\"Microsoft.HybridCompute/machines/write\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-04-29T22:36:28.1873756Z\",\"updatedOn\":\"2019-05-06T20:09:17.9364269Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb\"},{\"properties\":{\"roleName\":\"Azure
Event Hubs Data Receiver\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- receive access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/consumergroups/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:25:21.1056666Z\",\"updatedOn\":\"2019-08-21T23:00:32.6225396Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"a638d3c7-ab3a-418d-83e6-5f17a39d4fde\"},{\"properties\":{\"roleName\":\"Azure
+ receive access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/consumergroups/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:25:21.1056666Z\",\"updatedOn\":\"2019-08-21T23:00:32.6225396Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"a638d3c7-ab3a-418d-83e6-5f17a39d4fde\"},{\"properties\":{\"roleName\":\"Azure
Event Hubs Data Sender\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- send access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:26:12.4673714Z\",\"updatedOn\":\"2019-08-21T23:02:26.6155679Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"2b629674-e913-4c01-ae53-ef4638d8f975\"},{\"properties\":{\"roleName\":\"Azure
+ send access to Azure Event Hubs resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.EventHub/*/eventhubs/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.EventHub/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:26:12.4673714Z\",\"updatedOn\":\"2019-08-21T23:02:26.6155679Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"2b629674-e913-4c01-ae53-ef4638d8f975\"},{\"properties\":{\"roleName\":\"Azure
Service Bus Data Receiver\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- for receive access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:43:01.6343849Z\",\"updatedOn\":\"2019-08-21T22:55:24.3423558Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\"},{\"properties\":{\"roleName\":\"Azure
+ for receive access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/receive/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:43:01.6343849Z\",\"updatedOn\":\"2019-08-21T22:55:24.3423558Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0\"},{\"properties\":{\"roleName\":\"Azure
Service Bus Data Sender\",\"type\":\"BuiltInRole\",\"description\":\"Allows
- for send access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T06:43:46.7046934Z\",\"updatedOn\":\"2019-08-21T22:57:12.2555683Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\"},{\"properties\":{\"roleName\":\"Storage
+ for send access to Azure Service Bus resources.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ServiceBus/*/queues/read\",\"Microsoft.ServiceBus/*/topics/read\",\"Microsoft.ServiceBus/*/topics/subscriptions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.ServiceBus/*/send/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-05-10T06:43:46.7046934Z\",\"updatedOn\":\"2019-08-21T22:57:12.2555683Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"69a216fc-b8fb-44d8-bc22-1f3c2cd27a39\"},{\"properties\":{\"roleName\":\"Storage
File Data SMB Share Reader\",\"type\":\"BuiltInRole\",\"description\":\"Allows
for read access to Azure File Share over SMB\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read\"],\"notDataActions\":[]}],\"createdOn\":\"2019-07-01T20:19:31.8620471Z\",\"updatedOn\":\"2019-08-07T01:00:41.9223409Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"aba4ae5f-2193-4029-9191-0cb91df5e314\"},{\"properties\":{\"roleName\":\"Storage
File Data SMB Share Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Allows
@@ -2656,18 +2354,47 @@ interactions:
definitions, but not assign them.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Blueprint/blueprints/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-14T21:55:16.9683949Z\",\"updatedOn\":\"2019-08-17T00:10:55.7494677Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"41077137-e803-4205-871c-5a86e6a753b4\"},{\"properties\":{\"roleName\":\"Blueprint
Operator\",\"type\":\"BuiltInRole\",\"description\":\"Can assign existing
published blueprints, but cannot create new blueprints. NOTE: this only works
- if the assignment is done with a user-assigned managed identity.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Blueprint/blueprintAssignments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-14T21:56:48.7897875Z\",\"updatedOn\":\"2019-08-17T00:06:02.6509737Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"437d2ced-4a38-4302-8479-ed2bcb43d090\"},{\"properties\":{\"roleName\":\"Workbook
+ if the assignment is done with a user-assigned managed identity.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Blueprint/blueprintAssignments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-14T21:56:48.7897875Z\",\"updatedOn\":\"2019-08-17T00:06:02.6509737Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"437d2ced-4a38-4302-8479-ed2bcb43d090\"},{\"properties\":{\"roleName\":\"Azure
+ Sentinel Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Azure Sentinel
+ Contributor\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SecurityInsights/*\",\"Microsoft.OperationalInsights/workspaces/analytics/query/action\",\"Microsoft.OperationalInsights/workspaces/read\",\"Microsoft.OperationalInsights/workspaces/savedSearches/*\",\"Microsoft.OperationsManagement/solutions/read\",\"Microsoft.OperationalInsights/workspaces/query/read\",\"Microsoft.OperationalInsights/workspaces/query/*/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.Insights/workbooks/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T16:39:03.8725173Z\",\"updatedOn\":\"2019-11-28T13:01:04.7575960Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"ab8e14d6-4a74-4a29-9ba8-549422addade\"},{\"properties\":{\"roleName\":\"Azure
+ Sentinel Responder\",\"type\":\"BuiltInRole\",\"description\":\"Azure Sentinel
+ Responder\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SecurityInsights/*/read\",\"Microsoft.SecurityInsights/cases/*\",\"Microsoft.OperationalInsights/workspaces/analytics/query/action\",\"Microsoft.OperationalInsights/workspaces/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.OperationalInsights/workspaces/savedSearches/read\",\"Microsoft.OperationsManagement/solutions/read\",\"Microsoft.OperationalInsights/workspaces/query/read\",\"Microsoft.OperationalInsights/workspaces/query/*/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.Insights/workbooks/read\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T16:54:07.6467264Z\",\"updatedOn\":\"2019-11-28T13:02:33.8005599Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"3e150937-b8fe-4cfb-8069-0eaf05ecd056\"},{\"properties\":{\"roleName\":\"Azure
+ Sentinel Reader\",\"type\":\"BuiltInRole\",\"description\":\"Azure Sentinel
+ Reader\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SecurityInsights/*/read\",\"Microsoft.OperationalInsights/workspaces/analytics/query/action\",\"Microsoft.OperationalInsights/workspaces/read\",\"Microsoft.OperationalInsights/workspaces/savedSearches/read\",\"Microsoft.OperationsManagement/solutions/read\",\"Microsoft.OperationalInsights/workspaces/query/read\",\"Microsoft.OperationalInsights/workspaces/query/*/read\",\"Microsoft.OperationalInsights/workspaces/dataSources/read\",\"Microsoft.Insights/workbooks/read\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T16:58:50.1132117Z\",\"updatedOn\":\"2019-11-28T12:51:42.4847204Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"8d289c81-5878-46d4-8554-54e1e3d8b5cb\"},{\"properties\":{\"roleName\":\"Workbook
Reader\",\"type\":\"BuiltInRole\",\"description\":\"Can read workbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"microsoft.insights/workbooks/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T20:56:17.6808140Z\",\"updatedOn\":\"2019-08-28T21:43:05.0202124Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"b279062a-9be3-42a0-92ae-8b3cf002ec4d\"},{\"properties\":{\"roleName\":\"Workbook
- Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Can save shared workbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Insights/workbooks/write\",\"Microsoft.Insights/workbooks/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T20:59:42.4820277Z\",\"updatedOn\":\"2019-08-28T21:43:55.5802704Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"e8ddcd69-c73f-4f9f-9844-4100522f16ad\"}]}"
+ Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Can save shared workbooks.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Insights/workbooks/write\",\"Microsoft.Insights/workbooks/delete\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-08-28T20:59:42.4820277Z\",\"updatedOn\":\"2019-08-28T21:43:55.5802704Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"e8ddcd69-c73f-4f9f-9844-4100522f16ad\"},{\"properties\":{\"roleName\":\"Policy
+ Insights Data Writer (Preview)\",\"type\":\"BuiltInRole\",\"description\":\"Allows
+ read access to resource policies and write access to resource component policy
+ events.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/policyassignments/read\",\"Microsoft.Authorization/policydefinitions/read\",\"Microsoft.Authorization/policysetdefinitions/read\"],\"notActions\":[],\"dataActions\":[\"Microsoft.PolicyInsights/checkDataPolicyCompliance/action\",\"Microsoft.PolicyInsights/policyEvents/logDataEvents/action\"],\"notDataActions\":[]}],\"createdOn\":\"2019-09-19T19:35:20.9504127Z\",\"updatedOn\":\"2019-09-19T19:37:02.5331596Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"66bb4e9e-b016-4a94-8249-4c0511c2be84\"},{\"properties\":{\"roleName\":\"SignalR
+ AccessKey Reader\",\"type\":\"BuiltInRole\",\"description\":\"Read SignalR
+ Service Access Keys\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SignalRService/*/read\",\"Microsoft.SignalRService/SignalR/listkeys/action\",\"Microsoft.Authorization/*/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-09-20T09:33:19.6236874Z\",\"updatedOn\":\"2019-09-20T09:33:19.6236874Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"04165923-9d83-45d5-8227-78b77b0a687e\"},{\"properties\":{\"roleName\":\"SignalR
+ Contributor\",\"type\":\"BuiltInRole\",\"description\":\"Create, Read, Update,
+ and Delete SignalR service resources\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.SignalRService/*\",\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Resources/deployments/*\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-09-20T09:58:09.0009662Z\",\"updatedOn\":\"2019-09-20T09:58:09.0009662Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761\"},{\"properties\":{\"roleName\":\"Azure
+ Connected Machine Onboarding\",\"type\":\"BuiltInRole\",\"description\":\"Can
+ onboard Azure Connected Machines.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/read\",\"Microsoft.HybridCompute/machines/write\",\"Microsoft.GuestConfiguration/guestConfigurationAssignments/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-10-23T20:15:07.1372870Z\",\"updatedOn\":\"2019-11-03T18:26:59.2060282Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"b64e21ea-ac4e-4cdf-9dc9-5b892992bee7\"},{\"properties\":{\"roleName\":\"Azure
+ Connected Machine Resource Administrator\",\"type\":\"BuiltInRole\",\"description\":\"Can
+ read, write, delete and re-onboard Azure Connected Machines.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.HybridCompute/machines/read\",\"Microsoft.HybridCompute/machines/write\",\"Microsoft.HybridCompute/machines/delete\",\"Microsoft.HybridCompute/machines/reconnect/action\",\"Microsoft.HybridCompute/*/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-10-23T20:24:59.1474607Z\",\"updatedOn\":\"2019-10-24T18:57:01.0320416Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"cd570a14-e51a-42ad-bac8-bafd67325302\"},{\"properties\":{\"roleName\":\"Managed
+ Services Registration assignment Delete Role\",\"type\":\"BuiltInRole\",\"description\":\"Managed
+ Services Registration Assignment Delete Role allows the managing tenant users
+ to delete the registration assignment assigned to their tenant.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.ManagedServices/registrationAssignments/read\",\"Microsoft.ManagedServices/registrationAssignments/delete\",\"Microsoft.ManagedServices/operationStatuses/read\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-10-23T22:33:33.1183469Z\",\"updatedOn\":\"2019-10-24T21:49:09.3875276Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"91c1777a-f3dc-4fae-b103-61d183457e46\"},{\"properties\":{\"roleName\":\"App
+ Configuration Data Owner\",\"type\":\"BuiltInRole\",\"description\":\"Allows
+ full access to App Configuration data.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.AppConfiguration/configurationStores/*/read\",\"Microsoft.AppConfiguration/configurationStores/*/write\",\"Microsoft.AppConfiguration/configurationStores/*/delete\"],\"notDataActions\":[]}],\"createdOn\":\"2019-10-25T18:41:40.1185063Z\",\"updatedOn\":\"2019-10-25T18:41:40.1185063Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b\"},{\"properties\":{\"roleName\":\"App
+ Configuration Data Reader\",\"type\":\"BuiltInRole\",\"description\":\"Allows
+ read access to App Configuration data.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.AppConfiguration/configurationStores/*/read\"],\"notDataActions\":[]}],\"createdOn\":\"2019-10-25T18:45:33.7975332Z\",\"updatedOn\":\"2019-10-25T18:45:33.7975332Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"516239f1-63e1-4d78-a4de-a74fb236a071\"},{\"properties\":{\"roleName\":\"Kubernetes
+ Cluster - Azure Arc Onborading Role\",\"type\":\"BuiltInRole\",\"description\":\"Role
+ definition to authorize any user/service to create connectedClusters resource\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Authorization/*/read\",\"Microsoft.Insights/alertRules/*\",\"Microsoft.Resources/deployments/write\",\"Microsoft.Resources/subscriptions/operationresults/read\",\"Microsoft.Resources/subscriptions/read\",\"Microsoft.Resources/subscriptions/resourceGroups/read\",\"Microsoft.Kubernetes/connectedClusters/Write\",\"Microsoft.Support/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-11-18T17:00:02.2087147Z\",\"updatedOn\":\"2019-11-18T17:00:02.2087147Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"34e09817-6cbe-4d01-b1a2-e0eac5743d41\"},{\"properties\":{\"roleName\":\"MLC
+ Service Role\",\"type\":\"BuiltInRole\",\"description\":\"This role defines
+ permissions for control plane actions by the Machine Learning Compute (MLC)
+ service.\",\"assignableScopes\":[\"/\"],\"permissions\":[{\"actions\":[\"Microsoft.Resources/deployments/*\"],\"notActions\":[],\"dataActions\":[],\"notDataActions\":[]}],\"createdOn\":\"2019-11-25T21:22:50.7173949Z\",\"updatedOn\":\"2019-11-25T23:28:52.8743615Z\",\"createdBy\":null,\"updatedBy\":null},\"id\":\"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/0b072326-6884-49b7-a53d-ae6aa62260ff\",\"type\":\"Microsoft.Authorization/roleDefinitions\",\"name\":\"0b072326-6884-49b7-a53d-ae6aa62260ff\"}]}"
headers:
cache-control:
- no-cache
content-length:
- - '156638'
+ - '168871'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:45 GMT
+ - Fri, 06 Dec 2019 21:51:41 GMT
expires:
- '-1'
pragma:
@@ -2688,7 +2415,7 @@ interactions:
code: 200
message: OK
- request:
- body: '{"objectIds": ["318faf44-e0f4-4cb4-bb4f-484308844dd6", "0b027d6b-c21d-4bb8-b0d2-5b94b5c075d1"],
+ body: '{"objectIds": ["dd1f4229-1d63-4f21-a902-d80d5c791f70", "2c2edb87-ecd2-4864-9b2b-1762008042c0"],
"includeDirectoryObjectReferences": true}'
headers:
Accept:
@@ -2706,40 +2433,41 @@ interactions:
ParameterSetName:
- --resource-group --role
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-graphrbac/0.60.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/getObjectsByObjectIds?api-version=1.6
response:
body:
- string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.ServicePrincipal","objectType":"ServicePrincipal","objectId":"318faf44-e0f4-4cb4-bb4f-484308844dd6","deletionTimestamp":null,"accountEnabled":true,"addIns":[],"alternativeNames":["isExplicit=False","/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002"],"appDisplayName":null,"appId":"fca154f3-7a93-4f8b-8309-c1b0c4f1adea","applicationTemplateId":null,"appOwnerTenantId":null,"appRoleAssignmentRequired":false,"appRoles":[],"displayName":"azurecli-test-policy-assignment000002","errorUrl":null,"homepage":null,"informationalUrls":null,"keyCredentials":[{"customKeyIdentifier":"5044EE8F1596DCD616E5C55820A58775F0DAF274","endDate":"2019-12-10T21:54:00Z","keyId":"f72670e6-f75a-4f17-8e7b-8ad4a9828bdb","startDate":"2019-09-11T21:54:00Z","type":"AsymmetricX509Cert","usage":"Verify","value":null}],"logoutUrl":null,"notificationEmailAddresses":[],"oauth2Permissions":[],"passwordCredentials":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyEndDateTime":null,"preferredTokenSigningKeyThumbprint":null,"publisherName":null,"replyUrls":[],"samlMetadataUrl":null,"samlSingleSignOnSettings":null,"servicePrincipalNames":["fca154f3-7a93-4f8b-8309-c1b0c4f1adea","https://identity.azure.net/hdTR2quXHmmHmDRawBaqdgEmb7TKc8OivfuQKDLn/Tw="],"servicePrincipalType":"ManagedIdentity","signInAudience":null,"tags":[],"tokenEncryptionKeyId":null}]}'
+ string: '{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
+ privileges to complete the operation."},"requestId":"eb49f7c4-9899-4d44-b39f-248acdd0ecdc","date":"2019-12-06T21:51:42"}}'
headers:
access-control-allow-origin:
- '*'
cache-control:
- no-cache
content-length:
- - '1690'
+ - '219'
content-type:
- application/json; odata=minimalmetadata; streaming=true; charset=utf-8
dataserviceversion:
- 3.0;
date:
- - Wed, 11 Sep 2019 21:59:46 GMT
+ - Fri, 06 Dec 2019 21:51:42 GMT
duration:
- - '1029745'
+ - '1106249'
expires:
- '-1'
ocp-aad-diagnostics-server-name:
- - 6xA2684Cj65PUshjMtOaUZ8uUmQDbXvvhx+F3BqrgRE=
+ - YPCVOwAR3XOdfRvDdWZX3yHf1fnOOll9dsEetoCYv9Y=
ocp-aad-session-key:
- - hIpzdiZYD62uzRWZdarumIcrPTaXMg8SboUWJkG0Op1EUukb-FD2tryF2V4Nacg5ENmTklWBNUCJoomoMFnkWIvjZpT16guDAOt2GRqBN46izNJpI9VsSZiSiMWpl47e.2b9oJsaV8cmX425MbdhvVGSffXhLG0D-rcatXYQXecs
+ - NpZvldfvhaeiYizFQJiNZRQZPlPbhjVGDk04m1e4BH1Gz0SDHMKUob20xxNecd3Ox9aidzs93YdgMA9tH6px2GlZJB9u87vf0_rP_kriTyrj2D6188WuQEeJ5GKi90GI.uaIdseRcE0JT3wY_zX4HniBBWRbw0_JMn0QsjVpLh6E
pragma:
- no-cache
request-id:
- - a907a48c-2a38-487b-9740-3722d706ecde
+ - eb49f7c4-9899-4d44-b39f-248acdd0ecdc
strict-transport-security:
- max-age=31536000; includeSubDomains
x-aspnet-version:
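Review bot: The re-recorded response to the `getObjectsByObjectIds` call is now an `Authorization_RequestDenied` error ("Insufficient privileges to complete the operation"), and the next hunk changes its status from `200`/`OK` to `403`/`Forbidden`. The cassette therefore captures the recording account's missing directory-read permission instead of the service principal lookup that the old recording exercised. If the test still passes on replay, the command presumably swallows the Graph failure, so principal resolution for the policy assignment's managed identity is no longer covered. Re-recording with an identity that can read directory objects would restore that coverage, or the test could assert the degraded output explicitly. Separately, the `ocp-aad-session-key` response header is stored verbatim in both the old and new recordings. If that value is session-bound, it should be scrubbed to a constant placeholder such as `- REDACTED` before commit.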
@@ -2749,8 +2477,8 @@ interactions:
x-powered-by:
- ASP.NET
status:
- code: 200
- message: OK
+ code: 403
+ message: Forbidden
- request:
body: null
headers:
@@ -2767,15 +2495,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:58:24.3085051Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:59:25.2486151Z"},"enforcementMode":"Default"},"identity":{"principalId":"318faf44-e0f4-4cb4-bb4f-484308844dd6","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:50:43.6673632Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T21:51:23.3174033Z"},"enforcementMode":"Default"},"identity":{"principalId":"2c2edb87-ecd2-4864-9b2b-1762008042c0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_identity000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000002","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000002","location":"westus"}'
headers:
cache-control:
- no-cache
@@ -2784,7 +2512,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:59:47 GMT
+ - Fri, 06 Dec 2019 21:51:44 GMT
expires:
- '-1'
pragma:
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml
index 1aa32442b8a..6832e830919 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml
@@ -15,8 +15,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -32,7 +32,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:01 GMT
+ - Fri, 06 Dec 2019 22:27:15 GMT
expires:
- '-1'
pragma:
@@ -64,8 +64,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -81,7 +81,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:11 GMT
+ - Fri, 06 Dec 2019 22:27:26 GMT
expires:
- '-1'
pragma:
@@ -116,8 +116,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
@@ -133,7 +133,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:14 GMT
+ - Fri, 06 Dec 2019 22:27:28 GMT
expires:
- '-1'
location:
@@ -141,21 +141,15 @@ interactions:
pragma:
- no-cache
request-id:
- - 6e7dc8ae-2575-4c5d-b040-4a953a76de30
- server:
- - Microsoft-IIS/10.0
+ - c0f1a989-d739-44f7-a019-dc2da4fef79b
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- '1199'
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -173,8 +167,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
response:
@@ -188,7 +182,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:25 GMT
+ - Fri, 06 Dec 2019 22:27:38 GMT
expires:
- '-1'
location:
@@ -196,19 +190,13 @@ interactions:
pragma:
- no-cache
request-id:
- - 957ef184-7dc7-4f9a-a211-e60d73068b80
- server:
- - Microsoft-IIS/10.0
+ - 77fcc86f-9bf5-4f94-a8d7-bc06a36a052c
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -226,13 +214,13 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
response:
body:
- string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2019-10-21T05:13:19.7133812Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}'
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2019-12-06T22:27:38.5517836Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","parent":{"id":"/providers/Microsoft.Management/managementGroups/72f988bf-86f1-41af-91ab-2d7cd011db47","name":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"72f988bf-86f1-41af-91ab-2d7cd011db47"}}}}'
headers:
cache-control:
- no-cache
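Review bot: The re-recorded response body on the `string:` line of this hunk commits the recording account's `tenantId` and the `updatedBy` principal object ID verbatim, although the management group name beside them is already replaced by the `cli-test-mgmt-group000002` placeholder. These GUIDs identify the directory and the identity that ran the test, so they should be scrubbed at record time like the resource names, for example `"tenantId":"00000000-0000-0000-0000-000000000000"` and the same zero GUID for `updatedBy` and the `parent` fields. The same principal ID recurs as `createdBy`/`updatedBy` in the policy-definition response bodies of the later hunks in this file (`@@ -285,32 +266,32 @@` onward). Presumably the fix belongs in the test framework's recording scrubbers rather than in a hand edit of the cassette; confirm against the test base class.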
@@ -241,29 +229,23 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:36 GMT
+ - Fri, 06 Dec 2019 22:27:50 GMT
expires:
- '-1'
pragma:
- no-cache
request-id:
- - 35f0f613-446d-46c4-9ac2-bb11c6ee654f
- server:
- - Microsoft-IIS/10.0
+ - c4dd85a3-1a8c-4bcb-9784-b5611f728d22
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
- chunked
vary:
- Accept-Encoding,Accept-Encoding
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 200
message: OK
@@ -272,9 +254,8 @@ interactions:
"description": "desc_for_test_policy_123", "policyRule": {"if": {"not": {"field":
"location", "in": "[parameters(''allowedLocations'')]"}}, "then": {"effect":
"deny"}}, "metadata": {"category": "test"}, "parameters": {"allowedLocations":
- {"type": "array", "metadata": {"description": "The list of locations that can
- be specified when deploying resources", "strongType": "location", "displayName":
- "Allowed locations"}}}}}'
+ {"type": "array", "metadata": {"displayName": "Allowed locations", "description":
+ "The list of locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
@@ -285,32 +266,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '493'
+ - '467'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --params --display-name --description --mode --metadata --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
+ string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '874'
+ - '850'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:38 GMT
+ - Fri, 06 Dec 2019 22:27:53 GMT
expires:
- '-1'
pragma:
@@ -338,26 +319,26 @@ interactions:
ParameterSetName:
- -n --description --display-name --metadata --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
+ string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '874'
+ - '850'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:39 GMT
+ - Fri, 06 Dec 2019 22:27:54 GMT
expires:
- '-1'
pragma:
@@ -378,8 +359,8 @@ interactions:
"desc_for_test_policy_123_new", "policyRule": {"if": {"not": {"field": "location",
"in": "[parameters(''allowedLocations'')]"}}, "then": {"effect": "deny"}}, "metadata":
{"category": "test2"}, "parameters": {"allowedLocations": {"type": "Array",
- "metadata": {"description": "The list of locations that can be specified when
- deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}'
+ "metadata": {"displayName": "Allowed locations", "description": "The list of
+ locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
@@ -390,32 +371,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '483'
+ - '457'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --description --display-name --metadata --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:40.3462689Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
+ string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:27:57.7919894Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '943'
+ - '919'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:39 GMT
+ - Fri, 06 Dec 2019 22:27:57 GMT
expires:
- '-1'
pragma:
@@ -443,26 +424,26 @@ interactions:
ParameterSetName:
- -n --description --display-name --metadata --params --rules --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:40.3462689Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
+ string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:27:57.7919894Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '943'
+ - '919'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:40 GMT
+ - Fri, 06 Dec 2019 22:27:58 GMT
expires:
- '-1'
pragma:
@@ -500,25 +481,25 @@ interactions:
ParameterSetName:
- -n --description --display-name --metadata --params --rules --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:41.3616577Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:28:01.355527Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '837'
+ - '836'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:41 GMT
+ - Fri, 06 Dec 2019 22:28:01 GMT
expires:
- '-1'
pragma:
@@ -546,23 +527,52 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -570,12 +580,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -588,7 +654,10 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Vulnerability
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
Assessment settings for SQL server should contain an email address to receive
scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send scan reports to'' field in
@@ -601,12 +670,44 @@ interactions:
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -625,12 +726,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -639,11 +758,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -656,13 +814,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -671,19 +842,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -693,7 +896,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -714,10 +952,27 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Custom
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -725,7 +980,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -736,7 +1000,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -756,7 +1023,26 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -776,7 +1062,15 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -784,24 +1078,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -816,7 +1156,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -824,19 +1173,42 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
@@ -847,7 +1219,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -872,24 +1259,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -902,7 +1312,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -917,37 +1329,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Service
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Service Bus not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -959,7 +1433,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -977,14 +1469,57 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"App
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any App Service not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -998,7 +1533,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -1028,7 +1591,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -1036,7 +1606,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1055,35 +1631,59 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1091,31 +1691,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -1164,7 +1784,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1175,33 +1798,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -1231,7 +1907,32 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -1248,22 +1949,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1293,11 +2015,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -1321,7 +2073,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1343,13 +2108,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -1358,7 +2166,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -1367,12 +2182,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1388,7 +2242,13 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
@@ -1398,7 +2258,36 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -1419,19 +2308,90 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1448,7 +2408,17 @@ interactions:
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
custom IPsec/IKE policy must be applied to all Azure virtual network gateway
connections","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that all Azure virtual network gateway connections use a custom Internet
@@ -1460,37 +2430,146 @@ interactions:
Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
- Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Connection
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1518,7 +2597,10 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1534,16 +2616,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -1555,7 +2659,13 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
@@ -1573,7 +2683,11 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1585,7 +2699,10 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1611,19 +2728,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1631,7 +2816,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1648,16 +2850,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1676,7 +2900,35 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1703,29 +2955,108 @@ interactions:
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1733,7 +3064,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -1845,14 +3188,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -1867,7 +3232,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1875,13 +3261,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
the specified tag and value when any resource group missing this tag is created
@@ -1890,17 +3276,60 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Allowed
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -1914,12 +3343,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -1942,7 +3422,28 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1951,20 +3452,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1973,14 +3500,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1991,13 +3528,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -2098,7 +3650,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -2110,7 +3690,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2128,11 +3749,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2140,7 +3789,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -2160,15 +3820,37 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2182,19 +3864,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2223,7 +3946,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2231,14 +3969,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2371,7 +4112,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2393,19 +4137,40 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2433,19 +4198,53 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2453,7 +4252,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2478,7 +4281,13 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
@@ -2508,7 +4317,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -2525,21 +4360,84 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
@@ -2548,13 +4446,25 @@ interactions:
of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2562,14 +4472,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -2582,20 +4500,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -2604,7 +4574,10 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
@@ -2615,21 +4588,49 @@ interactions:
Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux virtual machines if the Log Analytics agent
is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"DDoS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2642,22 +4643,60 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
@@ -2666,18 +4705,38 @@ interactions:
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"SQL
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any SQL Server not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2687,22 +4746,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -2710,7 +4797,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -2737,14 +4830,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -2753,7 +4861,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2761,20 +4872,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2804,7 +4929,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2812,7 +4967,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2861,7 +5032,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2869,7 +5047,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -2894,7 +5081,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2915,7 +5133,41 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"[Deprecated]:
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
@@ -2937,7 +5189,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -3012,7 +5266,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -3024,6 +5295,13 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
@@ -3032,7 +5310,22 @@ interactions:
Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Container Registry not configured to use a virtual network
service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3073,19 +5366,60 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3093,7 +5427,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -3114,13 +5451,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -3142,11 +5479,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3165,7 +5521,10 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Inherit
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
or replaces the specified tag and value from the parent resource group when
any resource is created or updated. Existing resources can be remediated by
@@ -3174,13 +5533,19 @@ interactions:
parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3191,14 +5556,37 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Add
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
or replaces the specified tag and value when any resource group is created
or updated. Existing resource groups can be remediated by triggering a remediation
@@ -3214,11 +5602,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -3228,30 +5635,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Virtual
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual machine connected to a virtual network that is not
approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
- network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Event
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Event Hub not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -3263,7 +5767,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3288,13 +5808,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Cosmos DB not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3312,11 +5845,36 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -3324,7 +5882,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Azure
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
@@ -3375,7 +5942,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3407,14 +5980,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3434,29 +6029,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -3464,16 +6079,52 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Inherit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
the specified tag with its value from the parent resource group when any resource
missing this tag is created or updated. Existing resources can be remediated
@@ -3485,7 +6136,24 @@ interactions:
Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Key Vault not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Log
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without log_checkpoints
setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -3515,13 +6183,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -3533,7 +6201,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -3549,16 +6223,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"The
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -3577,7 +6313,16 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual network if the default route does not point to the
specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -3592,13 +6337,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -3610,7 +6355,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3626,7 +6388,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -3643,7 +6408,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3678,7 +6445,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3714,13 +6487,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3728,11 +6530,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3757,20 +6568,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3778,7 +6638,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -3788,8 +6676,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3797,8 +6697,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3806,8 +6723,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3816,14 +6745,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3833,44 +6782,105 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:41.3616577Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:28:01.355527Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '908778'
+ - '1631556'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:42 GMT
+ - Fri, 06 Dec 2019 22:28:03 GMT
expires:
- '-1'
pragma:
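Review bot: The re-recorded response bodies still carry a real-looking directory object ID in `createdBy`/`updatedBy` (the custom policy-definition entry that closes this list body), even though the subscription ID in request URIs is replaced by the all-zero placeholder and resource names use the `00000N` suffixes. The same value recurs in the two policy-definition GET responses and in the policyAssignments PUT and DELETE responses in the hunks that follow. An object ID is not a credential, but it presumably identifies the principal that made the recording, so it is worth scrubbing like the subscription ID. I would have the recording processor rewrite these two fields before the cassette is written, for example to `"createdBy":"00000000-0000-0000-0000-000000000000"`, and re-record. The JSON string this entry belongs to begins before the hunk.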
@@ -3900,25 +6910,25 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:41.3616577Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:28:01.355527Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '837'
+ - '836'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:43 GMT
+ - Fri, 06 Dec 2019 22:28:05 GMT
expires:
- '-1'
pragma:
@@ -3948,25 +6958,25 @@ interactions:
ParameterSetName:
- --policy -n --display-name --params --scope --enforcement-mode
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:41.3616577Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:28:01.355527Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '837'
+ - '836'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:44 GMT
+ - Fri, 06 Dec 2019 22:28:05 GMT
expires:
- '-1'
pragma:
@@ -4004,15 +7014,15 @@ interactions:
ParameterSetName:
- --policy -n --display-name --params --scope --enforcement-mode
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:45.0884436Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:09.0778582Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}'
headers:
cache-control:
- no-cache
@@ -4021,7 +7031,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:44 GMT
+ - Fri, 06 Dec 2019 22:28:08 GMT
expires:
- '-1'
pragma:
@@ -4051,15 +7061,15 @@ interactions:
ParameterSetName:
- -n --scope
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:45.0884436Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000006","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","scope":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}},"metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:09.0778582Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyAssignments/cli-test-polassg000005","type":"Microsoft.Authorization/policyAssignments","name":"cli-test-polassg000005"}'
headers:
cache-control:
- no-cache
@@ -4068,7 +7078,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:45 GMT
+ - Fri, 06 Dec 2019 22:28:11 GMT
expires:
- '-1'
pragma:
@@ -4100,29 +7110,46 @@ interactions:
ParameterSetName:
- --disable-scope-strict-match
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 0b1f6471-1bf0-4dda-aec3-cb9272f09590)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"value":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"identityRemoveExternalAccountWith
ReadPermissionsMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This
- policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security
- Center"},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed
- virtual machine SKUs","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest","notScopes":[],"parameters":{"listOfAllowedSKUs":{"value":["Basic_A0"]}},"metadata":{"assignedBy":"fey@microsoft.com
- ","parameterScopes":{"listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest"},"createdBy":"0a592c45-613e-4f1b-9023-7c4414fd53bf","createdOn":"2019-09-02T03:19:47.0995882Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fytest/providers/Microsoft.Authorization/policyAssignments/9c95e7fe8227466b82f48228","type":"Microsoft.Authorization/policyAssignments","name":"9c95e7fe8227466b82f48228"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '4908'
+ - '10632'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:47 GMT
+ - Fri, 06 Dec 2019 22:28:12 GMT
expires:
- '-1'
pragma:
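Review bot: The re-recorded body for the subscription-scope `policyAssignments` GET (the added `string:` lines) commits identity data from the recording account: `assignedBy` display names, `createdBy`/`updatedBy` object IDs, managed-identity `principalId` values and a real `tenantId`, while only the subscription ID is zeroed. The same `createdBy`/`updatedBy` IDs also appear in the `@@ -4154,25 +7181,25 @@` hunk. I would scrub these fields the way the subscription ID is scrubbed before committing, e.g. `"tenantId":"00000000-0000-0000-0000-000000000000"` and a fixed placeholder for `assignedBy`. Re-recording against a subscription with no unrelated assignments would do the same job. Whether the recording processor already has a hook for this is not visible from the hunk. Listing every assignment in a shared subscription also ties the cassette to whatever else was there on recording day, so re-recording churns thousands of lines that reviewers cannot meaningfully inspect.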
@@ -4154,25 +7181,25 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:13:39.1584912Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:13:41.3616577Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:27:54.1140605Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:28:01.355527Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations 2"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '837'
+ - '836'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:47 GMT
+ - Fri, 06 Dec 2019 22:28:17 GMT
expires:
- '-1'
pragma:
@@ -4186,7 +7213,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-deletes:
- - '14998'
+ - '14999'
status:
code: 200
message: OK
@@ -4204,23 +7231,52 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4228,12 +7284,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -4246,7 +7358,10 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Vulnerability
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
Assessment settings for SQL server should contain an email address to receive
scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send scan reports to'' field in
@@ -4259,12 +7374,44 @@ interactions:
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -4283,12 +7430,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -4297,11 +7462,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -4314,13 +7518,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -4329,19 +7546,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -4351,7 +7600,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -4372,10 +7656,27 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Custom
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4383,7 +7684,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4394,7 +7704,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4414,7 +7727,26 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4434,7 +7766,15 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4442,24 +7782,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -4474,7 +7860,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -4482,19 +7877,42 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
@@ -4505,7 +7923,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4530,24 +7963,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4560,7 +8016,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -4575,37 +8033,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Service
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Service Bus not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -4617,7 +8137,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4635,14 +8173,57 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"App
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any App Service not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4656,7 +8237,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -4686,7 +8295,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4694,7 +8310,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4713,35 +8335,59 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4749,31 +8395,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -4822,7 +8488,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4833,33 +8502,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -4889,7 +8611,32 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4906,22 +8653,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4951,11 +8719,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -4979,7 +8777,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5001,13 +8812,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -5016,7 +8870,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -5025,12 +8886,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5046,7 +8946,13 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
@@ -5056,7 +8962,36 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -5077,19 +9012,90 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5106,7 +9112,17 @@ interactions:
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
custom IPsec/IKE policy must be applied to all Azure virtual network gateway
connections","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that all Azure virtual network gateway connections use a custom Internet
@@ -5118,37 +9134,146 @@ interactions:
Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
- Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Connection
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5176,7 +9301,10 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5192,16 +9320,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -5213,7 +9363,13 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
@@ -5231,7 +9387,11 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5243,7 +9403,10 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5269,19 +9432,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5289,7 +9520,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5306,16 +9554,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5334,7 +9604,35 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5361,29 +9659,108 @@ interactions:
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5391,7 +9768,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -5503,14 +9892,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5525,7 +9936,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5533,13 +9965,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
the specified tag and value when any resource group missing this tag is created
@@ -5548,17 +9980,60 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Allowed
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -5572,12 +10047,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -5600,7 +10126,28 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5609,20 +10156,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5631,14 +10204,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5649,13 +10232,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -5756,7 +10354,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -5768,7 +10394,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5786,11 +10453,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5798,7 +10493,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -5818,15 +10524,37 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5840,19 +10568,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5881,7 +10650,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5889,14 +10673,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6029,7 +10816,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6051,19 +10841,40 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6091,19 +10902,53 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6111,7 +10956,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6136,7 +10985,13 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
@@ -6166,7 +11021,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -6183,21 +11064,84 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
@@ -6206,13 +11150,25 @@ interactions:
of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6220,14 +11176,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -6240,20 +11204,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -6262,7 +11278,10 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
@@ -6273,21 +11292,49 @@ interactions:
Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux virtual machines if the Log Analytics agent
is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"DDoS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6300,22 +11347,60 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
@@ -6324,18 +11409,38 @@ interactions:
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"SQL
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any SQL Server not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6345,22 +11450,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -6368,7 +11501,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -6395,14 +11534,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -6411,7 +11565,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6419,20 +11576,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6462,7 +11633,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6470,7 +11671,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6519,7 +11736,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6527,7 +11751,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -6552,7 +11785,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6573,7 +11837,41 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"[Deprecated]:
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
@@ -6595,7 +11893,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -6670,7 +11970,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -6682,6 +11999,13 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
@@ -6690,7 +12014,22 @@ interactions:
Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Container Registry not configured to use a virtual network
service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6731,19 +12070,60 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6751,7 +12131,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -6772,13 +12155,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -6800,11 +12183,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6823,7 +12225,10 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Inherit
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
or replaces the specified tag and value from the parent resource group when
any resource is created or updated. Existing resources can be remediated by
@@ -6832,13 +12237,19 @@ interactions:
parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6849,14 +12260,37 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Add
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
or replaces the specified tag and value when any resource group is created
or updated. Existing resource groups can be remediated by triggering a remediation
@@ -6872,11 +12306,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -6886,30 +12339,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Virtual
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual machine connected to a virtual network that is not
approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
- network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Event
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Event Hub not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6921,7 +12471,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6946,13 +12512,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Cosmos DB not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6970,11 +12549,36 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -6982,7 +12586,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Azure
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
@@ -7033,7 +12646,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7065,14 +12684,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7092,29 +12733,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -7122,16 +12783,52 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Inherit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
the specified tag with its value from the parent resource group when any resource
missing this tag is created or updated. Existing resources can be remediated
@@ -7143,7 +12840,24 @@ interactions:
Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Key Vault not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Log
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without log_checkpoints
setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7173,13 +12887,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -7191,7 +12905,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -7207,16 +12927,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"The
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -7235,7 +13017,16 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual network if the default route does not point to the
specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7250,13 +13041,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -7268,7 +13059,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7284,7 +13092,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -7301,7 +13112,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7336,7 +13149,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7372,13 +13191,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7386,11 +13234,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7415,20 +13272,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7436,7 +13342,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -7446,8 +13380,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7455,8 +13401,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7464,8 +13427,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7474,14 +13449,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7491,43 +13486,104 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '907940'
+ - '1630719'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:13:59 GMT
+ - Fri, 06 Dec 2019 22:28:29 GMT
expires:
- '-1'
pragma:
@@ -7559,8 +13615,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -7576,7 +13632,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:04 GMT
+ - Fri, 06 Dec 2019 22:28:32 GMT
expires:
- '-1'
pragma:
@@ -7590,7 +13646,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1198'
+ - '1199'
status:
code: 200
message: OK
@@ -7608,8 +13664,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -7625,7 +13681,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:14 GMT
+ - Fri, 06 Dec 2019 22:28:42 GMT
expires:
- '-1'
pragma:
@@ -7657,8 +13713,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
@@ -7674,7 +13730,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:18 GMT
+ - Fri, 06 Dec 2019 22:28:46 GMT
expires:
- '-1'
location:
@@ -7682,21 +13738,15 @@ interactions:
pragma:
- no-cache
request-id:
- - 50d77058-406d-43f5-90d2-55c8b4d8f815
- server:
- - Microsoft-IIS/10.0
+ - e83138d5-0e3c-43ec-9ffb-a421843d017f
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-deletes:
- '14999'
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -7714,8 +13764,55 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
+ response:
+ body:
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Running"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '205'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:28:58 GMT
+ expires:
+ - '-1'
+ location:
+ - https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
+ pragma:
+ - no-cache
+ request-id:
+ - 5c9a5d1b-6c7b-4b8c-8833-8f1fa38de10b
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-ba-restapi:
+ - 1.0.3.1543
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 202
+ message: Accepted
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - account management-group delete
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
response:
@@ -7729,29 +13826,23 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:29 GMT
+ - Fri, 06 Dec 2019 22:29:08 GMT
expires:
- '-1'
pragma:
- no-cache
request-id:
- - 04f11267-4736-4f94-b8ec-13beb5cffae4
- server:
- - Microsoft-IIS/10.0
+ - e87f5903-bb64-471d-a281-26eae2e24326
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
- chunked
vary:
- Accept-Encoding,Accept-Encoding
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 200
message: OK
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml
index a15cc753370..b6ea5358120 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml
@@ -3,8 +3,8 @@ interactions:
body: '{"properties": {"displayName": "test_policy000003", "description": "desc_for_test_policy_123",
"policyRule": {"if": {"not": {"field": "location", "in": "[parameters(''allowedLocations'')]"}},
"then": {"effect": "deny"}}, "parameters": {"allowedLocations": {"type": "array",
- "metadata": {"description": "The list of locations that can be specified when
- deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}'
+ "metadata": {"displayName": "Allowed locations", "description": "The list of
+ locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
@@ -15,32 +15,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '440'
+ - '414'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --params --display-name --description
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:39.5914345Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:12.9687144Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '828'
+ - '804'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:40 GMT
+ - Fri, 06 Dec 2019 22:30:12 GMT
expires:
- '-1'
pragma:
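Review bot: The re-recorded response body in this hunk still carries an unscrubbed `createdBy` GUID (`7140c269-e408-47a5-a626-a1d836b96883`) in the policy definition's `metadata`, while the subscription id in the request URI is replaced by the all-zero placeholder. The value differs from the one on the removed lines, which suggests it is the directory object id of whichever account made the recording rather than a fixed test value. The same field appears in the data-policy and policy-set responses in the hunks that follow. Consider having the recording scrubber rewrite it the way it rewrites the subscription id, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"`. The scrubber is not part of this diff, so the cassette would be regenerated rather than edited by hand.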
@@ -55,10 +55,11 @@ interactions:
code: 201
message: Created
- request:
- body: '{"properties": {"mode": "Microsoft.KeyVault.Data", "displayName": "test_data_policy000005",
+ body: '{"properties": {"mode": "Microsoft.DataCatalog.Data", "displayName": "test_data_policy000005",
"description": "desc_for_test_data_policy_123", "policyRule": {"if": {"field":
- "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType", "equals":
- "RSA"}, "then": {"effect": "audit"}}}}'
+ "Microsoft.DataCatalog.Data/catalog/entity/type", "equals": "SomeEntityType"},
+ "then": {"effect": "ModifyClassifications", "details": {"classificationsToAdd":
+ ["foo"], "classificationsToRemove": ["bar"]}}}}}'
headers:
Accept:
- application/json
@@ -69,30 +70,30 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '286'
+ - '379'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --mode --display-name --description
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:40.9348856Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
+ string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:14.3836612Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
headers:
cache-control:
- no-cache
content-length:
- - '667'
+ - '755'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:41 GMT
+ - Fri, 06 Dec 2019 22:30:13 GMT
expires:
- '-1'
pragma:
@@ -127,24 +128,24 @@ interactions:
ParameterSetName:
- -n --definitions --display-name --description
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1036'
+ - '1038'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:43 GMT
+ - Fri, 06 Dec 2019 22:30:11 GMT
expires:
- '-1'
pragma:
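Review bot: The re-recorded response body in this hunk keeps a real-looking principal GUID in `metadata.createdBy` (`7140c269-e408-47a5-a626-a1d836b96883`), while the subscription id in the same payload is scrubbed to `00000000-0000-0000-0000-000000000000`. The same value appears in the policy-set GET and PUT hunks that follow, there also as `updatedBy`, and in the data-policy response just above. It differs from the GUID on the removed lines, so it presumably tracks the directory object id of whichever account ran the recording. Consider having the recording step replace `createdBy`/`updatedBy` values with a fixed placeholder before the cassette is written, the way the subscription id is already handled. The recorded interaction starts and ends outside this hunk.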
@@ -172,24 +173,24 @@ interactions:
ParameterSetName:
- -n --display-name --description
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1036'
+ - '1038'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:43 GMT
+ - Fri, 06 Dec 2019 22:30:17 GMT
expires:
- '-1'
pragma:
@@ -210,7 +211,9 @@ interactions:
"desc_for_test_policyset_123_new", "policyDefinitions": [{"policyDefinitionId":
"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
"parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast",
- "westus"]}}}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]}}'
+ "westus"]}}, "policyDefinitionReferenceId": "15292011381361584879"}, {"policyDefinitionId":
+ "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004",
+ "policyDefinitionReferenceId": "5774214427163382764"}]}}'
headers:
Accept:
- application/json
@@ -221,30 +224,30 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '555'
+ - '664'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --display-name --description
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:56:44.6968178Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:19.416943Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '1105'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:44 GMT
+ - Fri, 06 Dec 2019 22:30:18 GMT
expires:
- '-1'
pragma:
@@ -274,12 +277,12 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -322,7 +325,11 @@ interactions:
a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
policies will be added in upcoming releases. For more information, please
visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
- Compliance"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae
01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CIS
v110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -388,7 +395,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -487,7 +494,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -613,7 +638,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -629,7 +658,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -812,6 +841,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -910,7 +1129,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -1268,7 +1561,23 @@ interactions:
names (supports wildcards)","description":"A semicolon-separated list of the
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"Audit
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
where Windows PowerShell is not configured to use the specified PowerShell
@@ -1281,18 +1590,17 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyType":"Custom","metadata":{"category":"CSS","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:19:58.6797315Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"3773989704580610944","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","type":"Microsoft.Authorization/policySetDefinitions","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7462"},{"properties":{"displayName":"Audit
- tags","policyType":"Custom","policyDefinitions":[{"policyDefinitionReferenceId":"10813782128107244105","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest"},{"policyDefinitionReferenceId":"7905866564202904301","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/audit-tags","type":"Microsoft.Authorization/policySetDefinitions","name":"audit-tags"},{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:56:44.6968178Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"},{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:19.416943Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name
":"azure-cli-test-policyset000006"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '314394'
+ - '646552'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:45 GMT
+ - Fri, 06 Dec 2019 22:30:20 GMT
expires:
- '-1'
pragma:
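Review bot: The re-recorded list response on the added `string:` lines of this hunk keeps tenant-specific data that the recording scrubber did not replace: the `createdBy`/`updatedBy` GUIDs (presumably directory object IDs of the accounts that made the changes) and a custom initiative, "Test Modify initiative" with its `robgaTestModify` definition, which this test does not appear to create. The subscription ID is already normalised to zeros, so these fields should get the same treatment before the cassette is committed, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"` (constructed placeholder). The same unreplaced `createdBy` value recurs in the two GET response bodies in the following hunks. Recording the subscription-wide list also ties the fixture to whatever else exists in the recording subscription, which fits with `content-length` roughly doubling here; recording against a clean subscription would keep unrelated resources out of the repository.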
@@ -1322,24 +1630,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:56:44.6968178Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:19.416943Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '1105'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:46 GMT
+ - Fri, 06 Dec 2019 22:30:21 GMT
expires:
- '-1'
pragma:
@@ -1369,24 +1677,24 @@ interactions:
ParameterSetName:
- -d -n --display-name -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:56:44.6968178Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:19.416943Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '1105'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:46 GMT
+ - Fri, 06 Dec 2019 22:30:22 GMT
expires:
- '-1'
pragma:
@@ -1423,15 +1731,15 @@ interactions:
ParameterSetName:
- -d -n --display-name -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000009","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:46.9974964Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000008"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000009","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:23.6163367Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000008"}'
headers:
cache-control:
- no-cache
@@ -1440,7 +1748,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:46 GMT
+ - Fri, 06 Dec 2019 22:30:23 GMT
expires:
- '-1'
pragma:
@@ -1450,7 +1758,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
+ - '1198'
status:
code: 201
message: Created
@@ -1470,15 +1778,15 @@ interactions:
ParameterSetName:
- -n -g
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008?api-version=2019-09-01
response:
body:
- string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000009","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:46.9974964Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000008"}'
+ string: '{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_assignment000009","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:23.6163367Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000008","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000008"}'
headers:
cache-control:
- no-cache
@@ -1487,7 +1795,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:47 GMT
+ - Fri, 06 Dec 2019 22:30:24 GMT
expires:
- '-1'
pragma:
@@ -1519,48 +1827,46 @@ interactions:
ParameterSetName:
- --disable-scope-strict-match
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01
response:
body:
- string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:20:35.6915066Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:55:10.085408Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"95e2781a-2ad5-455a-8000-02acdb0ee77d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3d2a442d40524196b8fd7dc7","type":"Microsoft.Authorization/policyAssignments","name":"3d2a442d40524196b8fd7dc7","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:39:07.4803303Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-03T23:15:13.7247168Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"4a507e4a-7924-4e4b-b1c8-d9262d8136bc","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/4350056039914afd8e15a322","type":"Microsoft.Authorization/policyAssignments","name":"4350056039914afd8e15a322","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"EM
- - Diagnostic logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:49.256093Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-04T00:25:57.4933757Z"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/8550b144d33b4f5b8fee28b5","type":"Microsoft.Authorization/policyAssignments","name":"8550b144d33b4f5b8fee28b5"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Diagnostic
- logs in Key Vault should be enabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:33:32.4535073Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/96dbe57cce5c4513a5366b1c","type":"Microsoft.Authorization/policyAssignments","name":"96dbe57cce5c4513a5366b1c"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- Advanced Data Security on SQL servers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T23:38:50.3438318Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-08-26T19:55:37.4449707Z"},"enforcementMode":"Default"},"identity":{"principalId":"64f2ce47-849a-4587-afb3-3dc011037096","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/a10235c6e3164c90a2774803","type":"Microsoft.Authorization/policyAssignments","name":"a10235c6e3164c90a2774803","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"GOKMENH
- Test Incident","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test"],"parameters":{"tagName":{"value":"productName"}},"description":"GOKMENH
- test MG take 2","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T16:04:47.2740504Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-10T19:21:06.2860733Z","parameterScopes":{},"assignedBy":"Sandip
- Shahane"},"enforcementMode":"DoNotEnforce"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/gokmenhPolicyAssignment","type":"Microsoft.Authorization/policyAssignments","name":"gokmenhPolicyAssignment"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC
- Default (subscription: 6e96e86b-389d-47df-926f-699d040c58f7)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{},"description":"This
- is the default set of policies monitored by Azure Security Center. It was
- automatically assigned as part of onboarding to Security Center. The default
- assignment contains only audit policies. For more information please visit
- https://aka.ms/ascpolicies","metadata":{"assignedBy":"Security Center","createdBy":"6878917f-bc1d-4e4e-bb24-12924205b215","createdOn":"2019-02-19T21:00:49.9837993Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"borgetTestPolicy","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/borgetTestPolicy","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/CSSTagVM","notScopes":[],"parameters":{"tagName":{"value":"Test"},"tagValue":{"value":"VM"}},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T19:45:46.5396997Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/CSSTagVM/providers/Microsoft.Authorization/policyAssignments/f67dfe226ae44dcd94f5e7c2","type":"Microsoft.Authorization/policyAssignments","name":"f67dfe226ae44dcd94f5e7c2"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Deploy
- prerequisites to audit Windows VMs that do not have the specified Windows
- PowerShell execution policy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test","notScopes":[],"parameters":{"ExecutionPolicy":{"value":"Restricted"}},"metadata":{"assignedBy":"Sandip
- Shahane","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T19:22:58.0436328Z","updatedBy":null,"updatedOn":null},"enforcementMode":"Default"},"identity":{"principalId":"24b25701-4dc9-4640-87c6-084146488688","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/az-cli-policy-insights-test/providers/Microsoft.Authorization/policyAssignments/cd7ac64c77ec441dbff7af7c","type":"Microsoft.Authorization/policyAssignments","name":"cd7ac64c77ec441dbff7af7c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"1","metadata":{"assignedBy":"Jin
- Soon Lim","parameterScopes":{},"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T21:02:59.4330616Z","updatedBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","updatedOn":"2019-06-07T21:12:59.8524735Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ce3fe2b4e1744039bed1d6a2","type":"Microsoft.Authorization/policyAssignments","name":"ce3fe2b4e1744039bed1d6a2","location":"eastus"}]}'
+ string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test
+ Modify initiative","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"","metadata":{"assignedBy":"Robert
+ Gao","parameterScopes":{},"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:56.3908822Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-11T22:00:41.5492656Z"},"enforcementMode":"Default"},"identity":{"principalId":"48036e81-a2af-4e6c-9624-4908615cc36d","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2","type":"Microsoft.Authorization/policyAssignments","name":"3cf2c941d7b2418ca7b860e2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg
+ replace tag RG","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"tagName":{"value":"cheggReplaced"},"tagValue":{"value":"true_112019_246PM"}},"description":"","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-06T23:26:56.0841235Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-20T22:46:27.8117346Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c","type":"Microsoft.Authorization/policyAssignments","name":"98a7c096f5154b8eadd36f8c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"value":"fasdff"},"listOfResourceTypesWithDiagnosticLogsEnabled":{"value":["Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdminist
ratorsGroup":{"value":"cheggert"},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"value":"rohitbh"}},"description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of NIST SP 800-53 R4 controls. Additional policies will be added
+ in upcoming releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-20T22:11:26.047177Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-22T04:20:25.4141918Z"},"enforcementMode":"Default"},"identity":{"principalId":"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178","type":"Microsoft.Authorization/policyAssignments","name":"d17bc2764dae4ec1be07d178","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh:
+ Key vault access policy (Always give Joel access)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{"userObjectId":{"value":"644c17f7-2b49-4549-a67f-bcc0448cd850"}},"description":"Assignment
+ description","metadata":{"assignedBy":"Rohit Bhardwaj","parameterScopes":{},"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:12:03.5422031Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:23:50.9933459Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"f12ee62c-35e6-45ec-b44b-13587ca23514","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c","type":"Microsoft.Authorization/policyAssignments","name":"ebccc544c4dd43d29c937f0c","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg:
+ Replace tag without becoming compliant","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:49.7568462Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc","type":"Microsoft.Authorization/policyAssignments","name":"ee5909f9ee3f4c12bbed6efc","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (SUB)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:53.4694168Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-21T17:44:38.1610927Z"},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"dfd2385a-7700-420f-b164-bd9ffb52285b","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2","type":"Microsoft.Authorization/policyAssignments","name":"fcddeb6113ec43798567dce2","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Empty
+ deployment on each KeyVault resource (MG)","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":[],"parameters":{},"description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"assignedBy":"Chris Eggert","parameterScopes":{},"createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:44:17.3643721Z","updatedBy":null,"updatedOn":null},"enforcementMode":"DoNotEnforce"},"identity":{"principalId":"067c1aa0-c425-4ad5-80fe-41d4639b1d42","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","type":"SystemAssigned"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539","type":"Microsoft.Authorization/policyAssignments","name":"d80d743b97874fd3bfd1d539","location":"eastus"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit
+ tag at MG","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","scope":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000"],"parameters":{},"metadata":{"assignedBy":"Chris
+ Eggert","parameterScopes":{},"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:48.2629834Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-10-01T17:50:28.4254014Z"},"enforcementMode":"Default"},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80","type":"Microsoft.Authorization/policyAssignments","name":"ef26e8bbc3da423ebf7fcb80"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '9602'
+ - '10632'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:48 GMT
+ - Fri, 06 Dec 2019 22:30:25 GMT
expires:
- '-1'
pragma:
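Review bot: The re-recorded body of the subscription-wide `policyAssignments` list (the `+ string:` value in this hunk) commits identity metadata the test does not need: `assignedBy` display names of real people, `principalId`, `createdBy` and `userObjectId` GUIDs, and a `tenantId`. Only the subscription id is zeroed, so the recording scrubber appears not to cover these fields; this is inferred from the body, since the scrubbing configuration is not shown. Either re-record against a subscription that holds only the test's own assignments, or extend the scrubbing step so these values are written as fixed placeholders, e.g. `"assignedBy":"<scrubbed>"` and `"tenantId":"00000000-0000-0000-0000-000000000000"`. The same `createdBy` object id also appears in the response bodies of the neighbouring hunks. Capturing unrelated assignments also makes the body change on every re-record, as the `content-length` change from 9602 to 10632 shows.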
@@ -1592,24 +1898,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:43.2492219Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:56:44.6968178Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"800384065607876238","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:16.9649536Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:19.416943Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"15292011381361584879","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '1105'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:56:50 GMT
+ - Fri, 06 Dec 2019 22:30:27 GMT
expires:
- '-1'
pragma:
@@ -1639,12 +1945,12 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -1687,7 +1993,11 @@ interactions:
a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
policies will be added in upcoming releases. For more information, please
visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
- Compliance"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae
01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CIS
v110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -1753,7 +2063,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -1852,7 +2162,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -1978,7 +2306,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -1994,7 +2326,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -2177,6 +2509,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -2275,7 +2797,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -2633,7 +3229,23 @@ interactions:
names (supports wildcards)","description":"A semicolon-separated list of the
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"Audit
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
where Windows PowerShell is not configured to use the specified PowerShell
@@ -2646,18 +3258,17 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyType":"Custom","metadata":{"category":"CSS","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:19:58.6797315Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"3773989704580610944","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","type":"Microsoft.Authorization/policySetDefinitions","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7462"},{"properties":{"displayName":"Audit
- tags","policyType":"Custom","policyDefinitions":[{"policyDefinitionReferenceId":"10813782128107244105","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest"},{"policyDefinitionReferenceId":"7905866564202904301","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/audit-tags","type":"Microsoft.Authorization/policySetDefinitions","name":"audit-tags"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '313289'
+ - '645446'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:00 GMT
+ - Fri, 06 Dec 2019 22:30:38 GMT
expires:
- '-1'
pragma:
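Review bot: The list response recorded in this hunk keeps tenant-specific data that the scrubbing did not replace. The custom `Test Modify initiative` entry carries `createdBy`/`updatedBy` principal ids and references a policy definition named `robgaTestModify`, while the subscription id on the same line is already zeroed. The `createdBy` value in the PUT response of the next hunk is unscrubbed in the same way. I would either re-record against a subscription that holds no unrelated custom policy sets, or have the recording scrubber replace `createdBy`/`updatedBy` with a fixed placeholder such as `00000000-0000-0000-0000-000000000000`. The `content-length` change from `313289` to `645446` suggests the recording captures every definition visible to the recording account, which is more than the test appears to need.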
@@ -2676,9 +3287,9 @@ interactions:
- request:
body: '{"properties": {"displayName": "test_policyset000007_new", "description":
"desc_for_test_policyset_123_new", "parameters": {"allowedLocations": {"type":
- "array", "metadata": {"description": "The list of locations that can be specified
- when deploying resources", "strongType": "location", "displayName": "Allowed
- locations"}}}, "policyDefinitions": [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
+ "array", "metadata": {"displayName": "Allowed locations", "description": "The
+ list of locations that can be specified when deploying resources"}}}, "policyDefinitions":
+ [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
"parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}},
{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]}}'
headers:
@@ -2691,32 +3302,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '757'
+ - '731'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --definitions --display-name --description --params
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:57:02.1159945Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"14845753732208947904","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:41.1460506Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11044466353499950743","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1240'
+ - '1216'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:01 GMT
+ - Fri, 06 Dec 2019 22:30:40 GMT
expires:
- '-1'
pragma:
@@ -2744,26 +3355,26 @@ interactions:
ParameterSetName:
- -n --params
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:57:02.1159945Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"14845753732208947904","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:41.1460506Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11044466353499950743","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1240'
+ - '1216'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:02 GMT
+ - Fri, 06 Dec 2019 22:30:42 GMT
expires:
- '-1'
pragma:
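Review bot: The re-recorded response body in this hunk keeps the `createdBy` value `7140c269-e408-47a5-a626-a1d836b96883` verbatim, while the subscription id in the same string is replaced by the all-zero placeholder. The same GUID recurs as `createdBy` and `updatedBy` in the PUT and DELETE response bodies of the following hunks. It appears to be the object id of the identity that made the recording (inferred from the field name, and the previous recording carried a different GUID in that field), so it is worth confirming that committing it is intended. If it is not, the recording could be scrubbed so the field reads `"createdBy":"00000000-0000-0000-0000-000000000000"`, matching how the subscription id is handled. The test's assertions are outside this hunk, so whether any of them depends on that field cannot be seen from here.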
@@ -2784,8 +3395,10 @@ interactions:
"desc_for_test_policyset_123_new", "parameters": {"allowedLocations": {"type":
"array", "metadata": {"displayName": "Allowed locations 2"}}}, "policyDefinitions":
[{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
- "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}},
- {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]}}'
+ "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}},
+ "policyDefinitionReferenceId": "11044466353499950743"}, {"policyDefinitionId":
+ "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004",
+ "policyDefinitionReferenceId": "5774214427163382764"}]}}'
headers:
Accept:
- application/json
@@ -2796,22 +3409,22 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '646'
+ - '755'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --params
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:57:02.1159945Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:57:03.4950592Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"14845753732208947904","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:41.1460506Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:43.2538646Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11044466353499950743","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
@@ -2820,7 +3433,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:03 GMT
+ - Fri, 06 Dec 2019 22:30:43 GMT
expires:
- '-1'
pragma:
@@ -2854,16 +3467,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:57:02.1159945Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-11T21:57:03.4950592Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"14845753732208947904","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5698725340126492926","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:41.1460506Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:30:43.2538646Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11044466353499950743","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"5774214427163382764","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
@@ -2872,7 +3485,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:04 GMT
+ - Fri, 06 Dec 2019 22:30:44 GMT
expires:
- '-1'
pragma:
@@ -2902,12 +3515,12 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -2950,7 +3563,11 @@ interactions:
a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
policies will be added in upcoming releases. For more information, please
visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
- Compliance"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae
01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CIS
v110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -3016,7 +3633,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -3115,7 +3732,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -3241,7 +3876,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -3257,7 +3896,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -3440,6 +4079,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -3538,7 +4367,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -3896,7 +4799,23 @@ interactions:
names (supports wildcards)","description":"A semicolon-separated list of the
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"Audit
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
where Windows PowerShell is not configured to use the specified PowerShell
@@ -3909,18 +4828,17 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"EM
- - Deploy Advanced Data Security on SQL servers","policyType":"Custom","metadata":{"category":"CSS","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-27T17:19:58.6797315Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"3773989704580610944","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/29044f17-dbcd-4ff8-9508-9e76dd7d7462","type":"Microsoft.Authorization/policySetDefinitions","name":"29044f17-dbcd-4ff8-9508-9e76dd7d7462"},{"properties":{"displayName":"Audit
- tags","policyType":"Custom","policyDefinitions":[{"policyDefinitionReferenceId":"10813782128107244105","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest"},{"policyDefinitionReferenceId":"7905866564202904301","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/audit-tags","type":"Microsoft.Authorization/policySetDefinitions","name":"audit-tags"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '313289'
+ - '645446'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:14 GMT
+ - Fri, 06 Dec 2019 22:30:55 GMT
expires:
- '-1'
pragma:
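Review bot: The re-recorded policy-set list body added in this hunk keeps tenant-specific data that the recording scrubber did not replace, although the subscription id is zeroed throughout. The added custom entry `Test Modify initiative` carries `"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8"`, the same value in `updatedBy`, and a definition named `robgaTestModify`, which looks like a personal test artifact from the recording subscription. The DELETE responses in the next hunks (`@@ -3952,26 +4870,26 @@` and `@@ -4005,24 +4923,24 @@`) likewise record `"createdBy":"7140c269-e408-47a5-a626-a1d836b96883"`. Consider having the recording processor rewrite these fields the way it already rewrites the subscription id, for example to `"createdBy":"00000000-0000-0000-0000-000000000000"`, and re-recording against a subscription with no leftover custom definitions. That would also stop this list response, and its `content-length`, from changing with whatever happens to exist in the recorder's tenant.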
@@ -3952,26 +4870,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:39.5914345Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:12.9687144Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '828'
+ - '804'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:16 GMT
+ - Fri, 06 Dec 2019 22:30:57 GMT
expires:
- '-1'
pragma:
@@ -3985,7 +4903,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-deletes:
- - '14999'
+ - '14998'
status:
code: 200
message: OK
@@ -4005,24 +4923,24 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-11T21:56:40.9348856Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
+ string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:30:14.3836612Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
headers:
cache-control:
- no-cache
content-length:
- - '667'
+ - '755'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:26 GMT
+ - Fri, 06 Dec 2019 22:31:08 GMT
expires:
- '-1'
pragma:
@@ -4052,23 +4970,52 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4076,12 +5023,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -4094,19 +5097,60 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Diagnostic
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
+ Assessment settings for SQL server should contain an email address to receive
+ scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send scan reports to'' field in
+ the Vulnerability Assessment settings. This email address receives scan result
+ summary after a periodic scan runs on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","type":"Microsoft.Authorization/policyDefinitions","name":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9"},{"properties":{"displayName":"Diagnostic
logs in Azure Data Lake Store should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit
- SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
+ Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -4125,12 +5169,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -4139,11 +5201,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -4156,13 +5257,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -4171,19 +5285,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -4193,7 +5339,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -4207,14 +5388,34 @@ interactions:
thumbprints","description":"A semicolon-separated list of certificate thumbprints
that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b249
88ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
+ subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4222,7 +5423,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4233,7 +5443,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4246,14 +5459,33 @@ interactions:
names of the applications that should be installed. e.g. ''Microsoft SQL Server
2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
(to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorization
/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
- ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4266,14 +5498,22 @@ interactions:
to exclude","description":"A semicolon-separated list of members that should
be excluded in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
- ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4281,24 +5521,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -4313,7 +5599,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -4321,21 +5616,44 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- a required tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"},{"properties":{"displayName":"An
@@ -4344,7 +5662,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4369,24 +5702,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4399,7 +5755,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -4414,33 +5772,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
+ Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Service Bus not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -4452,7 +5876,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4465,14 +5907,62 @@ interactions:
the specified tag and value when any resource which is missing this tag is
created or updated. Does not modify the tags of resources created before this
policy was applied until those resources are changed. Does not apply to resource
- groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ groups. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
+ Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any App Service not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4486,7 +5976,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -4509,14 +6027,21 @@ interactions:
https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab
88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
- ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4524,7 +6049,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4536,42 +6067,66 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
names (supports wildcards)","description":"A semicolon-separated list of the
names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.aut
horization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
- ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4579,31 +6134,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -4652,7 +6227,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4663,33 +6241,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -4719,15 +6350,40 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Devices''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"Deploy
- default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"[Deprecated]:
+ Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the
selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
Analytics workspace","description":"Select Log Analytics workspace from dropdown
@@ -4736,22 +6392,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4781,11 +6458,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -4809,7 +6516,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4831,13 +6551,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -4846,7 +6609,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -4855,12 +6625,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4876,15 +6685,52 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
- before this policy was applied until those resource groups are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ before this policy was applied until those resource groups are changed. New
+ ''modify'' effect policies are available that support remediation of tags
+ on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -4896,66 +6742,277 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equ
als":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"[Preview]
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"Add
+ a tag to resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag and value when any resource missing this tag is created
+ or updated. Existing resources can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26","type":"Microsoft.Authorization/policyDefinitions","name":"4f9dc7db-30c1-420c-b61a-e1d640128d26"},{"properties":{"displayName":"[Preview]
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Connection
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
+ custom IPsec/IKE policy must be applied to all Azure virtual network gateway
+ connections","policyType":"BuiltIn","mode":"All","description":"This policy
+ ensures that all Azure virtual network gateway connections use a custom Internet
+ Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms
+ and key strengths - https://aka.ms/AA62kb0","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IPsecEncryption":{"type":"Array","metadata":{"displayName":"IPsec
+ Encryption","description":"IPsec Encryption"}},"IPsecIntegrity":{"type":"Array","metadata":{"displayName":"IPsec
+ Integrity","description":"IPsec Integrity"}},"IKEEncryption":{"type":"Array","metadata":{"displayName":"IKE
+ Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
+ Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
+ Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4976,14 +7033,17 @@ interactions:
so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection"
,"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
- ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4999,16 +7059,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -5020,8 +7102,14 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow
- resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
@@ -5038,11 +7126,26 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"Add
+ or replace a tag on resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value when any resource is created or updated.
+ Existing resources can be remediated by triggering a remediation task. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5050,7 +7153,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Object Access''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Storage
+ Accounts should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"anyOf":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","type":"Microsoft.Authorization/policyDefinitions","name":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4"},{"properties":{"displayName":"Show
audit results from Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5064,19 +7171,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5084,7 +7259,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5101,16 +7293,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5122,14 +7336,42 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
workspace IDs","description":"A semicolon-separated list of the workspace
IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
- ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5144,41 +7386,120 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploi
tGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
- ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5186,7 +7507,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -5298,14 +7631,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5320,7 +7675,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5328,24 +7704,75 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
+ a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ the specified tag and value when any resource group missing this tag is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -5359,12 +7786,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -5380,14 +7858,35 @@ interactions:
the Emergency Management Services (EMS) console redirection. For more information
on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialCo
nsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
- ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5396,20 +7895,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5418,14 +7943,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5436,13 +7971,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -5543,7 +8093,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -5555,7 +8133,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5573,11 +8192,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- existence of a tag. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5585,7 +8232,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -5596,24 +8254,46 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher",
"equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5627,19 +8307,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- a required tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5668,7 +8389,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5676,14 +8412,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5816,7 +8555,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5831,26 +8573,47 @@ interactions:
of a module that should be installed by including a comma after the module
name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-61
80-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
- ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5871,26 +8634,60 @@ interactions:
to include","description":"A semicolon-separated list of members that should
be included in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
- ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Allow
- resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- existence of a tag on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5898,7 +8695,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5923,8 +8724,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Allow
- resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
@@ -5953,7 +8760,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -5970,35 +8803,111 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
of resources created before this policy was applied until those resources
- are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ are changed. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6006,14 +8915,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -6026,20 +8943,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -6048,28 +9017,63 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
activity, and gain insight into discrepancies and anomalies that could indicate
business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
- Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"DDoS
+ Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux virtual machines if the Log Analytics agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6082,38 +9086,100 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Automatic
- provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
+ Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
and configure relevant authorization policies.","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"Allow
- resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Email
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
+ Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any SQL Server not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6123,22 +9189,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -6146,7 +9240,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -6158,13 +9258,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
TLS version","description":"The minimum TLS protocol version that should be
enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecurePro
tocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
- ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
@@ -6173,14 +9273,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -6189,7 +9304,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6197,20 +9315,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6226,13 +9358,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
semicolon-separated list of all the expected members of the Administrators
local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b
24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
- ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Accounts''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -6240,7 +9372,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6248,7 +9410,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6297,7 +9475,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6305,7 +9490,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -6330,7 +9524,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6351,8 +9576,42 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Allow
- resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -6373,7 +9632,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -6434,13 +9695,13 @@ interactions:
Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"exi
stenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
- ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"},{"properties":{"displayName":"Show
audit results from Windows VMs on which the specified services are not installed
and ''Running''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -6448,7 +9709,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -6460,11 +9738,37 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"},{"properties":{"displayName":"[Preview]:
+ Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Container Registry not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6498,26 +9802,67 @@ interactions:
''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
- ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6525,7 +9870,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -6546,13 +9894,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -6574,11 +9922,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6597,15 +9964,31 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Allow
- resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
+ a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value from the parent resource group when
+ any resource is created or updated. Existing resources can be remediated by
+ triggering a remediation task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6616,14 +9999,45 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Enforce
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
+ or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ or replaces the specified tag and value when any resource group is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","type":"Microsoft.Authorization/policyDefinitions","name":"d157c373-a6c4-483d-aaad-570756956268"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any PostgreSQL server that is not enforcing SSL connection.
Azure Database for PostgreSQL prefers connecting your client applications
@@ -6631,11 +10045,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -6645,21 +10078,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Show
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
+ machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual machine connected to a virtual network that is not
+ approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
+ Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Event Hub not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6671,7 +10210,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6696,9 +10251,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
+ DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Cosmos DB not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6709,18 +10281,43 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
- ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -6728,7 +10325,19 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"MFA
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
+ VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
should be enabled on accounts with read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
@@ -6776,7 +10385,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6808,14 +10423,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6835,29 +10472,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -6865,16 +10522,97 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
+ a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag with its value from the parent resource group when any resource
+ missing this tag is created or updated. Existing resources can be remediated
+ by triggering a remediation task. If the tag exists with a different value
+ it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070","type":"Microsoft.Authorization/policyDefinitions","name":"ea3f2387-9b95-492a-a190-fcdc54f7b070"},{"properties":{"displayName":"Key
+ Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Key Vault not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
+ checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_checkpoints
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_checkpoints","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d"},{"properties":{"displayName":"Log
+ connections should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_connections
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_connections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442"},{"properties":{"displayName":"Disconnections
+ should be logged for PostgreSQL database servers.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_disconnections
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_disconnections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446"},{"properties":{"displayName":"Log
+ duration should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_duration
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_duration","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3"},{"properties":{"displayName":"Deprecated
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts with owner permissions should be removed from your subscription. Deprecated
accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
@@ -6888,13 +10626,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -6906,7 +10644,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -6922,12 +10666,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
+ agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -6939,14 +10749,30 @@ interactions:
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.auth
orization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
- ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
+ networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual network if the default route does not point to the
+ specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"virtualNetworkGatewayId":{"type":"String","metadata":{"displayName":"Virtual
+ network gateway Id","description":"Resource Id of the virtual network gateway.
+ Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Network/virtualNetworks/subnets","name":"GatewaySubnet","existenceCondition":{"not":{"field":"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id","notContains":"[concat(parameters(''virtualNetworkGatewayId''),
+ ''/'')]"}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","type":"Microsoft.Authorization/policyDefinitions","name":"f1776c76-f58c-4245-a8d0-2b207198dc8b"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -6954,13 +10780,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -6972,7 +10798,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6988,7 +10831,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -7005,7 +10851,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7017,13 +10865,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
of days","description":"The number of days without restart until the machine
is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988a
c-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
- ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"},{"properties":{"displayName":"Deploy
Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Auditing is enabled on SQL Servers for enhanced security
@@ -7040,7 +10888,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7076,13 +10930,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7090,11 +10973,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7119,20 +11011,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7140,7 +11081,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -7150,8 +11119,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7159,8 +11140,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7168,8 +11166,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7178,14 +11188,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7195,55 +11225,123 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"audit
- tag perf test","policyType":"Custom","mode":"All","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"tagName","description":null}},"tagValue":{"type":"String","metadata":{"displayName":"tagValue","description":null}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b045b1b-f457-4358-aba2-cf8cff3c3136","type":"Microsoft.Authorization/policyDefinitions","name":"2b045b1b-f457-4358-aba2-cf8cff3c3136"},{"properties":{"displayName":"Audit
- if not perf test","policyType":"Custom","mode":"All","metadata":{"category":"PerfTest"},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"Perf"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest","type":"Microsoft.Authorization/policyDefinitions","name":"audit-tags.shouldBePerfTest"},{"properties":{"displayName":"Audit
- if not unit test","policyType":"Custom","mode":"All","metadata":{"category":"PerfTest"},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest","type":"Microsoft.Authorization/policyDefinitions","name":"audit-tags.shouldBeUnitTest"},{"properties":{"displayName":"borgetTestPolicy","policyType":"Custom","mode":"Indexed","description":"Appends
- the specified tag and value when any resource which is missing this tag is
- created or updated. Does not modify the tags of resources created before this
- policy was applied until those resources are changed. Does not apply to resource
- groups.\n\nExcudes Disks","metadata":{"category":"General","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T19:44:40.7912544Z","updatedBy":null,"updatedOn":null},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"type","notequals":"Microsoft.Compute/disks"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/borgetTestPolicy","type":"Microsoft.Authorization/policyDefinitions","name":"borgetTestPolicy"},{"properties":{"displayName":"Audit
- tag","policyType":"Custom","mode":"Indexed","description":"Audit a specified
- Tag key to be present without requiring a value or applying a default value.","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T15:55:32.9932893Z","updatedBy":"611684ad-7140-4124-b482-8d031bdc553e","updatedOn":"2019-06-13T17:54:27.1111611Z"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as environment"}}},"policyRule":{"if":{"field":"[concat(''tags.'',parameters(''tagName''))]","exists":false},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"gokmenhTestDefinition"},{"properties":{"displayName":"Deny
- tag","policyType":"Custom","mode":"Indexed","description":"Deny a specified
- Tag key to be present without requiring a value or applying a default value.","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T22:32:52.3646544Z","updatedBy":null,"updatedOn":null},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as environment"}}},"policyRule":{"if":{"field":"[concat(''tags.'',parameters(''tagName''))]","exists":false},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/sandipTestDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"sandipTestDefinition"},{"properties":{"displayName":"rohitbh
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"test_policyem3nif7gi","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:40.6097535Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policykavffx3v6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policykavffx3v6"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"}]}'
@@ -7251,11 +11349,11 @@ interactions:
cache-control:
- no-cache
content-length:
- - '882235'
+ - '1645036'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:37 GMT
+ - Fri, 06 Dec 2019 22:31:19 GMT
expires:
- '-1'
pragma:
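Review bot: The `content-length` change from 882235 to 1645036 belongs to a re-recorded, unfiltered list of every policy definition visible to the recording account, and the body it describes (its hunk begins before the visible part of this diff) commits tenant-specific data verbatim. Only the subscription id is zeroed; the `createdBy`/`updatedBy` object IDs, the alias-prefixed display names and the management group name `AzGovPerfTest` on the custom definitions are left as recorded. I would have the test assert on a definition it creates itself instead of the whole list, or scrub `createdBy` and `updatedBy` to a fixed placeholder GUID in a recording processor before the cassette is written. The list response re-recorded in the next hunk presumably ends with the same custom definitions, but that part is not visible here.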
@@ -7283,23 +11381,52 @@ interactions:
Connection:
- keep-alive
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7307,12 +11434,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -7325,19 +11508,60 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Diagnostic
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
+ Assessment settings for SQL server should contain an email address to receive
+ scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send scan reports to'' field in
+ the Vulnerability Assessment settings. This email address receives scan result
+ summary after a periodic scan runs on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","type":"Microsoft.Authorization/policyDefinitions","name":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9"},{"properties":{"displayName":"Diagnostic
logs in Azure Data Lake Store should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit
- SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
+ Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -7356,12 +11580,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -7370,11 +11612,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -7387,13 +11668,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -7402,19 +11696,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -7424,7 +11750,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -7438,14 +11799,34 @@ interactions:
thumbprints","description":"A semicolon-separated list of certificate thumbprints
that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b249
88ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
+ subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -7453,7 +11834,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7464,7 +11854,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7477,14 +11870,33 @@ interactions:
names of the applications that should be installed. e.g. ''Microsoft SQL Server
2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
(to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorization
/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
- ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7497,14 +11909,22 @@ interactions:
to exclude","description":"A semicolon-separated list of members that should
be excluded in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
- ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7512,24 +11932,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -7544,7 +12010,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -7552,21 +12027,44 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- a required tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"},{"properties":{"displayName":"An
@@ -7575,7 +12073,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7600,24 +12113,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7630,7 +12166,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -7645,33 +12183,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
+ Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Service Bus not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -7683,7 +12287,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7696,14 +12318,62 @@ interactions:
the specified tag and value when any resource which is missing this tag is
created or updated. Does not modify the tags of resources created before this
policy was applied until those resources are changed. Does not apply to resource
- groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ groups. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
+ Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any App Service not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -7717,7 +12387,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -7740,14 +12438,21 @@ interactions:
https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab
88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
- ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -7755,7 +12460,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7767,42 +12478,66 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
names (supports wildcards)","description":"A semicolon-separated list of the
names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.aut
horization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
- ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7810,31 +12545,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -7883,7 +12638,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7894,33 +12652,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -7950,15 +12761,40 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Devices''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"Deploy
- default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"[Deprecated]:
+ Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the
selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
Analytics workspace","description":"Select Log Analytics workspace from dropdown
@@ -7967,22 +12803,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8012,11 +12869,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -8040,7 +12927,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8062,13 +12962,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -8077,7 +13020,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -8086,12 +13036,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8107,15 +13096,52 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
- before this policy was applied until those resource groups are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ before this policy was applied until those resource groups are changed. New
+ ''modify'' effect policies are available that support remediation of tags
+ on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -8127,66 +13153,277 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equ
als":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"[Preview]
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"Add
+ a tag to resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag and value when any resource missing this tag is created
+ or updated. Existing resources can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26","type":"Microsoft.Authorization/policyDefinitions","name":"4f9dc7db-30c1-420c-b61a-e1d640128d26"},{"properties":{"displayName":"[Preview]
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Connection
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
+ custom IPsec/IKE policy must be applied to all Azure virtual network gateway
+ connections","policyType":"BuiltIn","mode":"All","description":"This policy
+ ensures that all Azure virtual network gateway connections use a custom Internet
+ Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms
+ and key strengths - https://aka.ms/AA62kb0","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IPsecEncryption":{"type":"Array","metadata":{"displayName":"IPsec
+ Encryption","description":"IPsec Encryption"}},"IPsecIntegrity":{"type":"Array","metadata":{"displayName":"IPsec
+ Integrity","description":"IPsec Integrity"}},"IKEEncryption":{"type":"Array","metadata":{"displayName":"IKE
+ Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
+ Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
+ Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8207,14 +13444,17 @@ interactions:
so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection"
,"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
- ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8230,16 +13470,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -8251,8 +13513,14 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow
- resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
@@ -8269,11 +13537,26 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"Add
+ or replace a tag on resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value when any resource is created or updated.
+ Existing resources can be remediated by triggering a remediation task. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8281,7 +13564,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Object Access''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Storage
+ Accounts should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"anyOf":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","type":"Microsoft.Authorization/policyDefinitions","name":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4"},{"properties":{"displayName":"Show
audit results from Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -8295,19 +13582,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8315,7 +13670,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8332,16 +13704,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8353,14 +13747,42 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
workspace IDs","description":"A semicolon-separated list of the workspace
IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
- ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8375,41 +13797,120 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploi
tGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
- ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8417,7 +13918,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -8529,14 +14042,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -8551,7 +14086,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8559,24 +14115,75 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
+ a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ the specified tag and value when any resource group missing this tag is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -8590,12 +14197,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -8611,14 +14269,35 @@ interactions:
the Emergency Management Services (EMS) console redirection. For more information
on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialCo
nsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
- ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -8627,20 +14306,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8649,14 +14354,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8667,13 +14382,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -8774,7 +14504,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -8786,7 +14544,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8804,11 +14603,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- existence of a tag. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8816,7 +14643,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -8827,24 +14665,46 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher",
"equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8858,19 +14718,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- a required tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8899,7 +14800,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8907,14 +14823,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9047,7 +14966,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9062,26 +14984,47 @@ interactions:
of a module that should be installed by including a comma after the module
name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-61
80-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
- ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9102,26 +15045,60 @@ interactions:
to include","description":"A semicolon-separated list of members that should
be included in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
- ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Allow
- resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- existence of a tag on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9129,7 +15106,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9154,8 +15135,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Allow
- resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
@@ -9184,7 +15171,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -9201,35 +15214,111 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
of resources created before this policy was applied until those resources
- are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ are changed. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9237,14 +15326,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -9257,20 +15354,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -9279,28 +15428,63 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
activity, and gain insight into discrepancies and anomalies that could indicate
business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
- Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"DDoS
+ Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux virtual machines if the Log Analytics agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9313,38 +15497,100 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Automatic
- provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
+ Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
and configure relevant authorization policies.","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"Allow
- resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Email
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
+ Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any SQL Server not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9354,22 +15600,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -9377,7 +15651,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -9389,13 +15669,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
TLS version","description":"The minimum TLS protocol version that should be
enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecurePro
tocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
- ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
@@ -9404,14 +15684,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -9420,7 +15715,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9428,20 +15726,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9457,13 +15769,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
semicolon-separated list of all the expected members of the Administrators
local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b
24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
- ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Accounts''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -9471,7 +15783,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9479,7 +15821,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9528,7 +15886,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9536,7 +15901,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -9561,7 +15935,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9582,8 +15987,42 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Allow
- resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -9604,7 +16043,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -9665,13 +16106,13 @@ interactions:
Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"exi
stenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
- ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"},{"properties":{"displayName":"Show
audit results from Windows VMs on which the specified services are not installed
and ''Running''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -9679,7 +16120,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -9691,11 +16149,37 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"},{"properties":{"displayName":"[Preview]:
+ Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Container Registry not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9729,26 +16213,67 @@ interactions:
''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
- ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9756,7 +16281,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -9777,13 +16305,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -9805,11 +16333,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9828,15 +16375,31 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Allow
- resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
+ a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value from the parent resource group when
+ any resource is created or updated. Existing resources can be remediated by
+ triggering a remediation task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9847,14 +16410,45 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Enforce
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
+ or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ or replaces the specified tag and value when any resource group is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","type":"Microsoft.Authorization/policyDefinitions","name":"d157c373-a6c4-483d-aaad-570756956268"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any PostgreSQL server that is not enforcing SSL connection.
Azure Database for PostgreSQL prefers connecting your client applications
@@ -9862,11 +16456,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -9876,21 +16489,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Show
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
+ machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual machine connected to a virtual network that is not
+ approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
+ Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Event Hub not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9902,7 +16621,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9927,9 +16662,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
+ DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Cosmos DB not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9940,18 +16692,43 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
- ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -9959,7 +16736,19 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"MFA
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
+ VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
should be enabled on accounts with read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
@@ -10007,7 +16796,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10039,14 +16834,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10066,29 +16883,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -10096,16 +16933,97 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
+ a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag with its value from the parent resource group when any resource
+ missing this tag is created or updated. Existing resources can be remediated
+ by triggering a remediation task. If the tag exists with a different value
+ it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070","type":"Microsoft.Authorization/policyDefinitions","name":"ea3f2387-9b95-492a-a190-fcdc54f7b070"},{"properties":{"displayName":"Key
+ Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Key Vault not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
+ checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_checkpoints
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_checkpoints","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d"},{"properties":{"displayName":"Log
+ connections should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_connections
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_connections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442"},{"properties":{"displayName":"Disconnections
+ should be logged for PostgreSQL database servers.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_disconnections
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_disconnections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446"},{"properties":{"displayName":"Log
+ duration should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_duration
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_duration","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3"},{"properties":{"displayName":"Deprecated
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts with owner permissions should be removed from your subscription. Deprecated
accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
@@ -10119,13 +17037,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -10137,7 +17055,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -10153,12 +17077,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
+ agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -10170,14 +17160,30 @@ interactions:
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.auth
orization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
- ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
+ networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual network if the default route does not point to the
+ specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"virtualNetworkGatewayId":{"type":"String","metadata":{"displayName":"Virtual
+ network gateway Id","description":"Resource Id of the virtual network gateway.
+ Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Network/virtualNetworks/subnets","name":"GatewaySubnet","existenceCondition":{"not":{"field":"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id","notContains":"[concat(parameters(''virtualNetworkGatewayId''),
+ ''/'')]"}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","type":"Microsoft.Authorization/policyDefinitions","name":"f1776c76-f58c-4245-a8d0-2b207198dc8b"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -10185,13 +17191,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -10203,7 +17209,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10219,7 +17242,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -10236,7 +17262,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10248,13 +17276,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
of days","description":"The number of days without restart until the machine
is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988a
c-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
- ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"},{"properties":{"displayName":"Deploy
Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Auditing is enabled on SQL Servers for enhanced security
@@ -10271,7 +17299,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10307,13 +17341,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10321,11 +17384,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10350,20 +17422,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10371,7 +17492,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -10381,8 +17530,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10390,8 +17551,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10399,8 +17577,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10409,14 +17599,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10426,55 +17636,123 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"audit
- tag perf test","policyType":"Custom","mode":"All","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"tagName","description":null}},"tagValue":{"type":"String","metadata":{"displayName":"tagValue","description":null}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b045b1b-f457-4358-aba2-cf8cff3c3136","type":"Microsoft.Authorization/policyDefinitions","name":"2b045b1b-f457-4358-aba2-cf8cff3c3136"},{"properties":{"displayName":"Audit
- if not perf test","policyType":"Custom","mode":"All","metadata":{"category":"PerfTest"},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"Perf"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest","type":"Microsoft.Authorization/policyDefinitions","name":"audit-tags.shouldBePerfTest"},{"properties":{"displayName":"Audit
- if not unit test","policyType":"Custom","mode":"All","metadata":{"category":"PerfTest"},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest","type":"Microsoft.Authorization/policyDefinitions","name":"audit-tags.shouldBeUnitTest"},{"properties":{"displayName":"borgetTestPolicy","policyType":"Custom","mode":"Indexed","description":"Appends
- the specified tag and value when any resource which is missing this tag is
- created or updated. Does not modify the tags of resources created before this
- policy was applied until those resources are changed. Does not apply to resource
- groups.\n\nExcudes Disks","metadata":{"category":"General","createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-10T19:44:40.7912544Z","updatedBy":null,"updatedOn":null},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"type","notequals":"Microsoft.Compute/disks"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/borgetTestPolicy","type":"Microsoft.Authorization/policyDefinitions","name":"borgetTestPolicy"},{"properties":{"displayName":"Audit
- tag","policyType":"Custom","mode":"Indexed","description":"Audit a specified
- Tag key to be present without requiring a value or applying a default value.","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T15:55:32.9932893Z","updatedBy":"611684ad-7140-4124-b482-8d031bdc553e","updatedOn":"2019-06-13T17:54:27.1111611Z"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as environment"}}},"policyRule":{"if":{"field":"[concat(''tags.'',parameters(''tagName''))]","exists":false},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"gokmenhTestDefinition"},{"properties":{"displayName":"Deny
- tag","policyType":"Custom","mode":"Indexed","description":"Deny a specified
- Tag key to be present without requiring a value or applying a default value.","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T22:32:52.3646544Z","updatedBy":null,"updatedOn":null},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as environment"}}},"policyRule":{"if":{"field":"[concat(''tags.'',parameters(''tagName''))]","exists":false},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/sandipTestDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"sandipTestDefinition"},{"properties":{"displayName":"rohitbh
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"test_policyem3nif7gi","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:40.6097535Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policykavffx3v6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policykavffx3v6"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"}]}'
@@ -10482,11 +17760,11 @@ interactions:
cache-control:
- no-cache
content-length:
- - '882235'
+ - '1645036'
content-type:
- application/json; charset=utf-8
date:
- - Wed, 11 Sep 2019 21:57:39 GMT
+ - Fri, 06 Dec 2019 22:31:23 GMT
expires:
- '-1'
pragma:
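Review bot: The list response whose `content-length` grows from '882235' to '1645036' in this hunk appears to store every policy definition the recording account could see, and only the subscription id is scrubbed to zeros. The body sits in the preceding hunk, which starts outside this view, and it still carries what look like real `createdBy`/`updatedBy` object ids, owner aliases in `displayName`, and the management group path `managementGroups/AzGovPerfTest`. These should be replaced with placeholders before committing, the same way the subscription id is, for example `"createdBy":"00000000-0000-0000-0000-000000000000"`; alternatively the test could assert on a filtered result so the cassette does not need the full tenant listing. The same applies to the `createdBy` values in the new test_resource_policyset_grouping.yaml recording.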
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_grouping.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_grouping.yaml
new file mode 100644
index 00000000000..392b8107379
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_grouping.yaml
@@ -0,0 +1,1735 @@
+interactions:
+- request:
+ body: '{"properties": {"displayName": "test_policy000003", "policyRule": {"if":
+ {"not": {"field": "location", "in": "[parameters(''allowedLocations'')]"}},
+ "then": {"effect": "deny"}}, "parameters": {"allowedLocations": {"type": "array",
+ "metadata": {"displayName": "Allowed locations", "description": "The list of
+ locations that can be specified when deploying resources"}}}}}'
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition create
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '371'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --rules --params --display-name
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: PUT
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:11.7027808Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '763'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1199'
+ status:
+ code: 201
+ message: Created
+- request:
+ body: '{"properties": {"displayName": "test_policyset000005", "policyDefinitions":
+ [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
+ "parameters": {"allowedLocations": {"value": ["eastus"]}}, "policyDefinitionReferenceId":
+ "1", "groupNames": ["group1", "group2"]}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
+ "parameters": {"allowedLocations": {"value": ["eastus"]}}, "policyDefinitionReferenceId":
+ "2", "groupNames": ["group1"]}], "policyDefinitionGroups": [{"name": "group1",
+ "displayName": "Cost Savings"}, {"name": "group2", "displayName": "Organizational"}]}}'
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy set-definition create
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '786'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --definitions --display-name --definition-groups
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: PUT
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:13.8227187Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1155'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:12 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1199'
+ status:
+ code: 201
+ message: Created
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy set-definition update
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n --definition-groups
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:13.8227187Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1155'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: '{"properties": {"displayName": "test_policyset000005", "policyDefinitions":
+ [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
+ "parameters": {"allowedLocations": {"value": ["eastus"]}}, "policyDefinitionReferenceId":
+ "1", "groupNames": ["group1", "group2"]}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
+ "parameters": {"allowedLocations": {"value": ["eastus"]}}, "policyDefinitionReferenceId":
+ "2", "groupNames": ["group1"]}], "policyDefinitionGroups": [{"name": "group1",
+ "displayName": "Updated display name"}, {"name": "group2", "displayName": "Organizational"}]}}'
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy set-definition update
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '794'
+ Content-Type:
+ - application/json; charset=utf-8
+ ParameterSetName:
+ - -n --definition-groups
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: PUT
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:13.8227187Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:47:15.1178395Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1223'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:15 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-writes:
+ - '1198'
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy set-definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:13.8227187Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:47:15.1178395Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1223'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:15 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy set-definition delete
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '0'
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: DELETE
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:13.8227187Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:47:15.1178395Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1223'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-deletes:
+ - '14999'
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy set-definition list
+ Connection:
+ - keep-alive
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
+ response:
+ body:
+ string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
+ the Administrators group does not contain only the specified members","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ in which the Administrators group does not contain only the specified members.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
+ semicolon-separated list of all the expected members of the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","parameters":{"Members":{"value":"[parameters(''Members'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/06122b01-688c-42a8-af2e-fa97dd39aa3b","type":"Microsoft.Authorization/policySetDefinitions","name":"06122b01-688c-42a8-af2e-fa97dd39aa3b"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs on which the Log Analytics agent is not connected as expected","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ on which the Log Analytics agent is not connected to the specified workspaces.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
+ workspace IDs","description":"A semicolon-separated list of the workspace
+ IDs that the Log Analytics agent should be connected to"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","parameters":{"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsLogAnalyticsAgentConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/06c5e415-a662-463a-bb85-ede14286b979","type":"Microsoft.Authorization/policySetDefinitions","name":"06c5e415-a662-463a-bb85-ede14286b979"},{"properties":{"displayName":"[Preview]:
+ Audit IRS1075 September 2016 controls and deploy specific VM Extensions to
+ support audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of IRS1075 September 2016 controls. Additional policies will be added in upcoming
+ releases. For more information, please visit https://aka.ms/irs1075-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
+ of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d","type":"Microsoft.Authorization/policySetDefinitions","name":"105e0327-6175-4eb2-9af4-1fba43bdb39d"},{"properties":{"displayName":"Audit
+ Windows VMs in which the Administrators group does not contain all of the
+ specified members","policyType":"BuiltIn","description":"This initiative deploys
+ the policy requirements and audits Windows virtual machines in which the Administrators
+ group does not contain all of the specified members. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"MembersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToInclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/133046de-0bd7-4546-93f4-f452e9e258b7","type":"Microsoft.Authorization/policySetDefinitions","name":"133046de-0bd7-4546-93f4-f452e9e258b7"},{"properties":{"displayName":"[Preview]:
+ Audit CIS Microsoft Azure Foundations Benchmark 1.1.0 recommendations and
+ deploy specific supporting VM Extensions","policyType":"BuiltIn","description":"This
+ initiative includes audit and VM Extension deployment policies that address
+ a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
+ policies will be added in upcoming releases. For more information, please
+ visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
+ all the available security recommendations in Azure Security Center. This
+ is the default policy for Azure Security Center.","metadata":{"category":"Security
+ Center"},"parameters":{"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssEndpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Endpoint
+ protection solution should be installed on virtual machine scale sets","description":"Enable
+ or disable virtual machine scale sets endpoint protection monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your machines should be remediated","description":"Enable
+ or disable OS vulnerabilities monitoring (based on a configured baseline)"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ missing Endpoint Protection in Azure Security Center","description":"Enable
+ or disable endpoint protection monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ network security groups","description":"[Deprecated] Enable or disable monitoring
+ of network security groups with permissive rules","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"networkSecurityGroupsOnSubnetsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Groups on the subnet level should be enabled","description":"Enable
+ or disable monitoring of NSGs on subnets"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkSecurityGroupsOnVirtualMachinesMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Groups for virtual machines should be enabled","description":"Enable
+ or disable monitoring of NSGs on VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webApplicationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"The
+ NSGs rules for web applications on IaaS should be hardened","description":"Enable
+ or disable the monitoring of unprotected web applications"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"serverVulnerabilityAssessmentEffect":{"type":"String","metadata":{"displayName":"[Preview]
+ Vulnerability Assessment should be enabled on Virtual Machines","description":"Enable
+ or disable the detection of VM vulnerabilities by Azure Security Center Vulnerability
+ Assessment"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ missing blob encryption for storage accounts","description":"[Deprecated]
+ Enable or disable the monitoring of blob encryption for storage accounts","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]
+ Monitor unaudited SQL servers in Azure Security Center","description":"Enable
+ or disable the monitoring of unaudited SQL databases","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"sqlEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"[Deprecated]
+ Monitor unencrypted SQL databases in Azure Security Center","description":"Enable
+ or disable the monitoring of unencrypted SQL databases","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"sqlDbEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Transparent
+ Data Encryption on SQL databases should be enabled","description":"Enable
+ or disable the monitoring of unencrypted SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlServerAuditingMonitoringEffect":{"type":"String","metadata":{"displayName":"Auditing
+ should be enabled on advanced data security settings on SQL Server","description":"Enable
+ or disable the monitoring of unaudited SQL Servers"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlServerAuditingActionsAndGroupsMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ Auditing settings should have Action-Groups configured to capture critical
+ activities","description":"Enable or disable the monitoring of auditing policy
+ Action-Groups and Actions setting"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"SqlServerAuditingRetentionDaysMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ servers should be configured with auditing retention days greater than 90
+ days","description":"Enable or disable the monitoring of SQL servers with
+ auditing retention period less than 90"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ diagnostic logs in Azure App Services","description":"[Deprecated] Enable
+ or disable the monitoring of diagnostics logs in Azure App Services","deprecated":true},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInSelectiveAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in App Services should be enabled","description":"Enable or disable the
+ monitoring of diagnostics logs in Azure App Services"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Automation
+ account variables should be encrypted","description":"Enable or disable the
+ monitoring of automation account encryption"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
+ alert rules should be configured on Batch accounts","description":"Enable
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
+ accounts should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic storage accounts"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Data Lake Analytics should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Data Lake Analytics accounts","description":"The
+ required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Azure Data Lake Store should be enabled","description":"Enable or
+ disable the monitoring of diagnostic logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Data Lake Store accounts","description":"The
+ required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Key Vault should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Key Vault vaults","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Logic Apps should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Logic Apps workflows","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Only
+ secure connections to your Redis Cache should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service
+ Fabric clusters should only use Azure Active Directory for client authentication","description":"Enable
+ or disable the monitoring of Azure Active Directory for client authentication
+ in Service Fabric"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Service
+ Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","description":"Enable
+ or disable the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Service Bus should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Service Bus","description":"The required diagnostic
+ logs retention period in days"},"defaultValue":"365"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"All
+ authorization rules except RootManageSharedAccessKey should be removed from
+ Service Bus namespace","description":"Enable or disable the monitoring of
+ Service Bus namespace authorization rules"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"aadAuthenticationInSqlServerMonitoringEffect":{"type":"String","metadata":{"displayName":"An
+ Azure Active Directory administrator should be provisioned for SQL servers","description":"Enable
+ or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Secure
+ transfer to storage accounts should be enabled","description":"Enable or disable
+ the monitoring of secure transfer to storage account"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Azure Stream Analytics should be enabled","description":"Enable or
+ disable the monitoring of diagnostic logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Stream Analytics","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ usage of custom RBAC rules","description":"Enable or disable the monitoring
+ of using built-in RBAC rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Disabled"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"All
+ authorization rules except RootManageSharedAccessKey should be removed from
+ Event Hub namespace","description":"Enable or disable the monitoring of access
+ rules in Event Hub namespaces"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Disabled"},"accessRulesInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Authorization
+ rules on the Event Hub instance should be defined","description":"Enable or
+ disable the monitoring of access rules in Event Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ on your SQL databases should be remediated","description":"Enable or disable
+ the monitoring of Vulnerability Assessment scan results and recommendations
+ for how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbDataClassificationMonitoringEffect":{"type":"String","metadata":{"displayName":"Sensitive
+ data in your SQL databases should be classified","description":"Enable or
+ disable the monitoring of sensitive data classification in databases."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ maximum of 3 owners should be designated for your subscription","description":"Enable
+ or disable the monitoring of maximum owners in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"type":"String","metadata":{"displayName":"There
+ should be more than one owner assigned to your subscription","description":"Enable
+ or disable the monitoring of minimum owners in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppConfigureIPRestrictionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ Configure IP restrictions for API App","description":"[Deprecated] Enable
+ or disable the monitoring of IP restrictions for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppConfigureIPRestrictionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ Configure IP restrictions for Function App","description":"[Deprecated] Enable
+ or disable the monitoring of IP restrictions for Function App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppConfigureIPRestrictionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ Configure IP restrictions for Web App","description":"[Deprecated] Enable
+ or disable the monitoring of IP restrictions for Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Function App","description":"Enable or
+ disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ disable web sockets for API App","description":"[Deprecated] Enable or disable
+ the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ disable web sockets for Function App","description":"[Deprecated] Enable or
+ disable the monitoring of web sockets for Function App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ disable web sockets for Web App","description":"[Deprecated] Enable or disable
+ the monitoring of web sockets for Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS","description":"[Deprecated] Enable
+ or disable the monitoring of the use of HTTPS in API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"[Deprecated] Enable
+ or disable the monitoring of the use of HTTPS in function App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"[Deprecated]
+ Enable or disable the monitoring of the use of HTTPS in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"webAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS V2","description":"Enable
+ or disable the monitoring of the use of HTTPS in Web App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"apiAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your API App","description":"Enable
+ or disable the monitoring of CORS restrictions for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Function App","description":"Enable
+ or disable the monitoring of CORS restrictions for API Function"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUsedCustomDomainsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ the custom domain use in API App","description":"[Deprecated] Enable or disable
+ the monitoring of custom domain use in API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppUsedCustomDomainsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ the custom domain use in Function App","description":"[Deprecated] Enable
+ or disable the monitoring of custom domain use in Function App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppUsedCustomDomainsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ the custom domain use in Web App","description":"[Deprecated] Enable or disable
+ the monitoring of custom domain use in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppUsedLatestDotNetMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest .Net in API App","description":"[Deprecated] Enable or disable
+ the monitoring of .Net version in API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppUsedLatestDotNetMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest .Net in Web App","description":"[Deprecated] Enable or disable
+ the monitoring of .Net version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppUsedLatestJavaMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest Java in API App","description":"[Deprecated] Enable or disable
+ the monitoring of Java version in API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppUsedLatestJavaMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest Java in Web App","description":"[Deprecated] Enable or disable
+ the monitoring of Java version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppUsedLatestNodeJsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest Node.js in Web App","description":"[Deprecated] Enable or disable
+ the monitoring of Node.js version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppUsedLatestPHPMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest PHP in API App","description":"[Deprecated] Enable or disable the
+ monitoring of PHP version in API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppUsedLatestPHPMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest PHP in Web App","description":"[Deprecated] Enable or disable the
+ monitoring of PHP version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"apiAppUsedLatestPythonMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest Python in API App","description":"[Deprecated] Enable or disable
+ the monitoring of Python version in API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"webAppUsedLatestPythonMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ use latest Python in Web App","description":"[Deprecated] Enable or disable
+ the monitoring of Python version in Web App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"vnetEnableDDoSProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"DDoS
+ Protection Standard should be enabled","description":"Enable or disable the
+ monitoring of DDoS protection for virtual network"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in IoT Hub should be enabled","description":"Enable or disable the monitoring
+ of diagnostic logs in IoT Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInIoTHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in IoT Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"sqlServerAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced
+ data security should be enabled on your SQL servers","description":"Enable
+ or disable the monitoring of SQL servers without Advanced Data Security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced
+ data security should be enabled on your SQL managed instances","description":"Enable
+ or disable the monitoring of SQL managed instances without Advanced Data Security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlServerAdvancedDataSecurityEmailsMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced
+ data security settings for SQL server should contain an email address to receive
+ security alerts","description":"Enable or disable the monitoring that advanced
+ data security settings for SQL server contain at least one email address to
+ receive security alerts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced
+ data security settings for SQL managed instance should contain an email address
+ to receive security alerts","description":"Enable or disable the monitoring
+ that advanced data security settings for SQL managed instance contain at least
+ one email address to receive security alerts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect":{"type":"String","metadata":{"displayName":"Email
+ notifications to admins and subscription owners should be enabled in SQL server
+ advanced data security settings","description":"Enable or disable auditing
+ that ''email notification to admins and subscription owners'' is enabled in
+ the SQL Server advanced threat protection settings. This ensures that any
+ detections of anomalous activities on SQL server are reported as soon as possible
+ to the admins."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect":{"type":"String","metadata":{"displayName":"Email
+ notifications to admins and subscription owners should be enabled in SQL managed
+ instance advanced data security settings","description":"Enable or disable
+ auditing that ''email notification to admins and subscription owners'' is
+ enabled in the SQL Server advanced threat protection settings. This ensures
+ that any detections of anomalous activities on SQL managed instance are reported
+ as soon as possible to the admins."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"kubernetesServicePspEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Pod
+ Security Policies should be defined on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without Pod Security Policy
+ enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Authorized
+ IP ranges should be defined on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without Authorized IP Ranges
+ enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"kubernetesServiceVersionUpToDateMonitoringEffect":{"type":"String","metadata":{"displayName":"Kubernetes
+ Services should be upgraded to a non vulnerable Kubernetes version","description":"Enable
+ or disable the monitoring of the Kubernetes Services with versions that contain
+ known vulnerabilities"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"threatDetectionTypesOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced
+ Threat Protection types should be set to ''All'' in SQL managed instance Advanced
+ Data Security settings","description":"It is recommended to enable all Advanced
+ Threat Protection types on your SQL servers. Enabling all types protects against
+ SQL injection, database vulnerabilities, and any other anomalous activities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"threatDetectionTypesOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Advanced
+ Threat Protection types should be set to ''All'' in SQL server Advanced Data
+ Security settings","description":"It is recommended to enable all Advanced
+ Threat Protection types on your SQL servers. Enabling all types protects against
+ SQL injection, database vulnerabilities, and any other anomalous activities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"restrictAccessToAppServicesMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ to App Services should be restricted","description":"Enable or disable the
+ monitoring of permissive network access to app-services"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"disableIPForwardingMonitoringEffect":{"type":"String","metadata":{"displayName":"IP
+ Forwarding on your virtual machine should be disabled","description":"Enable
+ or disable the monitoring of IP forwarding on virtual machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in container security configurations should be remediated","description":"Enable
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ that do not have the specified applications installed. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplication'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1","type":"Microsoft.Authorization/policySetDefinitions","name":"25ef9b72-4af2-4501-acd1-fc814e73dde1"},{"properties":{"displayName":"[Preview]:
+ Audit UK OFFICIAL and UK NHS controls and deploy specific VM Extensions to
+ support audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes policies that address a subset of UK OFFICIAL and UK NHS controls.
+ Additional policies will be added in upcoming releases. For more information,
+ please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming
+ releases. For more information, please visit https://aka.ms/SWIFT-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"workspaceIDsLogAnalyticsAgentShouldConnectTo":{"type":"String","metadata":{"displayName":"Connected
+ workspace IDs","description":"A semicolon-separated list of the workspace
+ IDs that the Log Analytics agent should be connected to"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"domainNameFQDN":{"type":"String","metadata":{"displayName":"Domain
+ Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
+ Windows VMs should be joined to"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9
c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfTheP
revious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authori
zation/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"AccessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefi
nitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRbacRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"VirtualMachineShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AutomationAccountVariablesShouldBeEncrypted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"StorageAccountsShouldBeMigratedToNewAzureResourceManagerResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"DiagnosticLogsInAzureStreamAnalyticsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsOnWhichTheLogAnalyticsAgentIsNotConnectedAsExpected","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsOnWhichTheLogAnalyticsAgentIsNotConnectedAsExpected","policyDef
initionId":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","parameters":{"WorkspaceId":{"value":"[parameters(''workspaceIDsLogAnalyticsAgentShouldConnectTo'')]"}}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"EnsureThatSendAlertsToIsSetInSqlServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsThatAreNotJoinedToTheSpecifiedDomain","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsThatAre
NotJoinedToTheSpecifiedDomain","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","parameters":{"DomainName":{"value":"[parameters(''domainNameFQDN'')]"}}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22","type":"Microsoft.Authorization/policySetDefinitions","name":"3e0c67fc-8c7c-406c-89bd-6b6bdc986a22"},{"properties":{"displayName":"[Preview]:
+ Audit VMs with insecure password security settings","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits virtual machines with
+ insecure password security settings. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},
{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Preview]:
+ Audit PCI v3.2.1:2018 controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming
+ releases. For more information, please visit https://aka.ms/pciv321-init.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"previewAudi
tDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"previewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":
"previewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"previewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorOSVulnerabilitiesInAzureSecurityCenter","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"accessThroughInternetFacingEndpointShouldBeRestricted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"auditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"auditEnablingOfOnlyS
ecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"auditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"auditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"auditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f4
9761e3ffb5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41","type":"Microsoft.Authorization/policySetDefinitions","name":"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41"},{"properties":{"displayName":"[Preview]:
+ Audit Canada Federal PBMM controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of Canada Federal PBMM controls. Additional policies will be added in upcoming
+ releases. For more information, please visit https://aka.ms/canadafederalPBMM-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId
":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","para
meters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourM
achinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyD
efinitionReferenceId":"SecureTransferToStorageAccountsShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionRe
ferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87","type":"Microsoft.Authorization/policySetDefinitions","name":"4c4
a5f27-de81-430b-b4e5-9cbd50595a87"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs on which the remote host connection status does not match
+ the specified one","policyType":"BuiltIn","description":"This initiative deploys
+ the policy requirements and audits Windows virtual machines on which the remote
+ host connection status does not match the specified one. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"host":{"type":"String","metadata":{"displayName":"Remote
+ Host Name","description":"Specifies the Domain Name System (DNS) name or IP
+ address of the remote host machine."}},"port":{"type":"String","metadata":{"displayName":"Port","description":"The
+ TCP port number on the remote host name."}},"shouldConnect":{"type":"String","metadata":{"displayName":"Should
+ connect to remote host","description":"Must be ''True'' or ''False''. ''True''
+ indicates that the virtual machine should be able to establish a connection
+ with the remote host specified, so the machine will be non-compliant if it
+ cannot establish a connection. ''False'' indicates that the virtual machine
+ should not be able to establish a connection with the remote host specified,
+ so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsRemoteConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","parameters":{"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsRemoteConnection","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/4ddaefff-7c78-4824-9b27-5c344f3cdf90","type":"Microsoft.Authorization/policySetDefinitions","name":"4ddaefff-7c78-4824-9b27-5c344f3cdf90"},{"properties":{"displayName":"Audit
+ Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ that are not set to the specified time zone. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsTimeZone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","parameters":{"TimeZone":{"value":"[parameters(''TimeZone'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsTimeZone","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/538942d3-3fae-4fb6-9d94-744f9a51e7da","type":"Microsoft.Authorization/policySetDefinitions","name":"538942d3-3fae-4fb6-9d94-744f9a51e7da"},{"properties":{"displayName":"[Preview]:
+ Enable Azure Monitor for VMs","policyType":"BuiltIn","description":"Enable
+ Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management
+ group, Subscription or resource group). Takes Log Analytics workspace as parameter.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics_1":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImag
eIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"Audit
+ Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ that are not joined to the specified domain. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
+ Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
+ Windows VMs should be joined to"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDomainMembership","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","parameters":{"DomainName":{"value":"[parameters(''DomainName'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDomainMembership","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/6b3c1e80-8ae5-405b-b021-c23d13b3959f","type":"Microsoft.Authorization/policySetDefinitions","name":"6b3c1e80-8ae5-405b-b021-c23d13b3959f"},{"properties":{"displayName":"[Preview]:
+ Enable Azure Monitor for VM Scale Sets (VMSS)","policyType":"BuiltIn","description":"Enable
+ Azure Monitor for the VM Scale Sets in the specified scope (Management group,
+ Subscription or resource group). Takes Log Analytics workspace as parameter.
+ Note: if your scale set upgradePolicy is set to Manual, you need to apply
+ the extension to the all VMs in the set by calling upgrade on them. In CLI
+ this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics_1":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_VMSS_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_VMSS_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parame
ters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad","type":"Microsoft.Authorization/policySetDefinitions","name":"75714362-cae7-409e-9b99-a8e5075b7fad"},{"properties":{"displayName":"[Preview]:
+ Audit ISO 27001:2013 controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of ISO 27001:2013 controls. Additional policies will be added in upcoming
+ releases. For more information, please visit https://aka.ms/iso27001-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled","strongType":"resourceTypes"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGro
ups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinit
ionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-
a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4
8b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66ad
c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{
"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2","type":"Microsoft.Authorization/policySetDefinitions","name":"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2"},{"properties":{"displayName":"Audit
+ Windows web servers that are not using secure communication protocols","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows web servers
+ that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For
+ more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
+ TLS version","description":"The minimum TLS protocol version that should be
+ enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c","type":"Microsoft.Authorization/policySetDefinitions","name":"8bc55e6b-e9d5-4266-8dac-f688d151ec9c"},{"properties":{"displayName":"Audit
+ Windows VMs on which the specified services are not installed and ''Running''","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ on which the specified services are not installed and ''Running''. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsServiceStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","parameters":{"ServiceName":{"value":"[parameters(''ServiceName'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsServiceStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8eeec860-e2fa-4f89-a669-84942c57225f","type":"Microsoft.Authorization/policySetDefinitions","name":"8eeec860-e2fa-4f89-a669-84942c57225f"},{"properties":{"displayName":"[Preview]:
+ Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable
+ data protection for SQL servers. This initiative is assigned automatically
+ by Azure Security Center Standard Tier.","metadata":{"category":"Security
+ Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs on which Windows Defender Exploit Guard is not enabled","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ on which Windows Defender Exploit Guard is not enabled. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"NotAvailableMachineState":{"type":"String","metadata":{"displayName":"State
+ in which to show VMs on which Windows Defender Exploit Guard is not available","description":"Windows
+ Defender Exploit Guard is only available starting with Windows 10/Windows
+ Server with update 1709. Setting this value to ''Non-Compliant'' will make
+ machines with older versions on which Windows Defender Exploit Guard is not
+ available (such as Windows Server 2012 R2) non-compliant. Setting this value
+ to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
+ Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows Server virtual
+ machines on which Windows Serial Console is not enabled. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"EMSPortNumber":{"type":"String","metadata":{"displayName":"EMS
+ Port Number","description":"An integer indicating the COM port to be used
+ for the Emergency Management Services (EMS) console redirection. For more
+ information on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["1","2","3","4"],"defaultValue":"1"},"EMSBaudRate":{"type":"String","metadata":{"displayName":"EMS
+ Baud Rate","description":"An integer indicating the baud rate to be used for
+ the Emergency Management Services (EMS) console redirection. For more information
+ on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsSerialConsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","parameters":{"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsSerialConsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/acb6cd8e-45f5-466f-b3cb-ff6fce525f71","type":"Microsoft.Authorization/policySetDefinitions","name":"acb6cd8e-45f5-466f-b3cb-ff6fce525f71"},{"properties":{"displayName":"Audit
+ Windows VMs in which the Administrators group contains any of the specified
+ members","policyType":"BuiltIn","description":"This initiative deploys the
+ policy requirements and audits Windows virtual machines in which the Administrators
+ group contains any of the specified members. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs that contain certificates expiring within the specified
+ number of days","policyType":"BuiltIn","description":"This initiative deploys
+ the policy requirements and audits Windows virtual machines that contain certificates
+ expiring within the specified number of days. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"Certificate
+ store path","description":"The path to the certificate store containing the
+ certificates to check the expiration dates of. Default value is ''Cert:''
+ which is the root certificate store path, so all certificates on the machine
+ will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'',
+ ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"Expiration
+ limit in days","description":"An integer indicating the number of days within
+ which to check for certificates that are expiring. For example, if this value
+ is 30, any certificate expiring within the next 30 days will cause this policy
+ to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints to include","description":"A semicolon-separated list of certificate
+ thumbprints to check under the specified path. If a value is not specified,
+ all certificates under the certificate store path will be checked. If a value
+ is specified, no certificates other than those with the thumbprints specified
+ will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"CertificateThumbprintsToExclude":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints to exclude","description":"A semicolon-separated list of certificate
+ thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"IncludeExpiredCertificates":{"type":"String","metadata":{"displayName":"Include
+ expired certificates","description":"Must be ''true'' or ''false''. True indicates
+ that any found certificates that have already expired will also make this
+ policy non-compliant. False indicates that certificates that have expired
+ will be be ignored."},"allowedValues":["true","false"],"defaultValue":"false"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","parameters":{"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}}},{"policyDefinitionReferenceId":"Audit_CertificateExpiration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b6f5e05c-0aaa-4337-8dd4-357c399d12ae","type":"Microsoft.Authorization/policySetDefinitions","name":"b6f5e05c-0aaa-4337-8dd4-357c399d12ae"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs that have not restarted within the specified number of days","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ that have not restarted within the specified number of days. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
+ of days","description":"The number of days without restart until the machine
+ is considered non-compliant"},"defaultValue":"12"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","parameters":{"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}}},{"policyDefinitionReferenceId":"Audit_MachineLastBootUpTime","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7","type":"Microsoft.Authorization/policySetDefinitions","name":"b8b5b0a8-b809-4e5d-8082-382c686e35b7"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs on which the DSC configuration is not compliant","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows VMs on which
+ the Desired State Configuration (DSC) configuration is not compliant. This
+ policy is only applicable to machines with WMF 4 and above. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDscConfiguration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"policyDefinitionReferenceId":"Audit_WindowsDscConfiguration","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/c58599d5-0d51-454f-aaf1-da18a5e76edd","type":"Microsoft.Authorization/policySetDefinitions","name":"c58599d5-0d51-454f-aaf1-da18a5e76edd"},{"properties":{"displayName":"Audit
+ Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Linux virtual machines
+ that do not have the specified applications installed. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
+ names","description":"A semicolon-separated list of the names of the applications
+ that should be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e","type":"Microsoft.Authorization/policySetDefinitions","name":"c937dcb4-4398-4b39-8d63-4a6be432252e"},{"properties":{"displayName":"Audit
+ Windows VMs with a pending reboot","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ with a pending reboot. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsPendingReboot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"policyDefinitionReferenceId":"Audit_WindowsPendingReboot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/c96b2a9c-6fab-4ac2-ae21-502143491cd4","type":"Microsoft.Authorization/policySetDefinitions","name":"c96b2a9c-6fab-4ac2-ae21-502143491cd4"},{"properties":{"displayName":"Audit
+ Windows VMs that do not have the specified Windows PowerShell modules installed","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ that do not have the specified Windows PowerShell modules installed. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"Modules":{"type":"String","metadata":{"displayName":"PowerShell
+ Modules","description":"A semicolon-separated list of the names of the PowerShell
+ modules that should be installed. You may also specify a specific version
+ of a module that should be installed by including a comma after the module
+ name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
+ 12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsPowerShellModules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","parameters":{"Modules":{"value":"[parameters(''Modules'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsPowerShellModules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/c980fd64-c67f-49a6-a8a8-e57661150802","type":"Microsoft.Authorization/policySetDefinitions","name":"c980fd64-c67f-49a6-a8a8-e57661150802"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs that do not contain the specified certificates in Trusted
+ Root","policyType":"BuiltIn","description":"This initiative deploys the policy
+ requirements and audits Windows VMs that do not contain the specified certificates
+ in the Trusted Root Certification Authorities certificate store (Cert:\\LocalMachine\\Root).
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cdfcc6ff-945e-4bc6-857e-056cbc511e0c","type":"Microsoft.Authorization/policySetDefinitions","name":"cdfcc6ff-945e-4bc6-857e-056cbc511e0c"},{"properties":{"displayName":"[Preview]:
+ Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming
+ releases. For more information, please visit https://aka.ms/nist80053-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceIdforVMReporting":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
+ of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ with non-compliant Azure security baseline configurations. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"AlwaysUseClassicLogon":{"type":"String","metadata":{"displayName":"Always
+ use classic logon","description":"Specifies whether to force the user to log
+ on to the computer using the classic logon screen. This setting only works
+ when the computer is not on a domain."},"defaultValue":"0"},"BootStartDriverInitializationPolicy":{"type":"String","metadata":{"displayName":"Boot-Start
+ Driver Initialization Policy","description":"Specifies which boot-start drivers
+ are initialized based on a classification determined by an Early Launch Antimalware
+ boot-start driver."},"defaultValue":"3"},"EnableWindowsNTPClient":{"type":"String","metadata":{"displayName":"Enable
+ Windows NTP Client","description":"Specifies whether the Windows NTP Client
+ is enabled. Enabling the Windows NTP Client allows your computer to synchronize
+ its computer clock with other NTP servers."},"defaultValue":"1"},"TurnOnConveniencePINSignin":{"type":"String","metadata":{"displayName":"Turn
+ on convenience PIN sign-in","description":"Specifies whether a domain user
+ can sign in using a convenience PIN."},"defaultValue":"0"},"AccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"String","metadata":{"displayName":"Devices:
+ Allowed to format and eject removable media","description":"Specifies who
+ is allowed to format and eject removable NTFS media. You can use this policy
+ setting to prevent unauthorized users from removing data on one computer to
+ access it on another computer on which they have local administrator privileges."},"defaultValue":"0"},"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"Microsoft
+ network client: Digitally sign communications (always)","description":"Specifies
+ whether packet signing is required by the SMB client component."},"defaultValue":"1"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"String","metadata":{"displayName":"Microsoft
+ network client: Send unencrypted password to third-party SMB servers","description":"Specifies
+ whether the SMB redirector will send plaintext passwords during authentication
+ to third-party SMB servers that do not support password encryption. It is
+ recommended that you disable this policy setting unless there is a strong
+ business case to enable it."},"defaultValue":"0"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"type":"String","metadata":{"displayName":"Microsoft
+ network server: Amount of idle time required before suspending session","description":"Specifies
+ the amount of continuous idle time that must pass in an SMB session before
+ the session is suspended because of inactivity. The format of the value is
+ two integers separated by a comma, denoting an inclusive range."},"defaultValue":"1,15"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"Microsoft
+ network server: Digitally sign communications (always)","description":"Specifies
+ whether packet signing is required by the SMB server component."},"defaultValue":"1"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"type":"String","metadata":{"displayName":"Microsoft
+ network server: Disconnect clients when logon hours expire","description":"Specifies
+ whether to disconnect users who are connected to the local computer outside
+ their user account''s valid logon hours. This setting affects the Server Message
+ Block (SMB) component. If you enable this policy setting you should also enable
+ ''Network security: Force logoff when logon hours expire''"},"defaultValue":"1"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"type":"String","metadata":{"displayName":"Network
+ Security: Configure encryption types allowed for Kerberos","description":"Specifies
+ the encryption types that Kerberos is allowed to use."},"defaultValue":"2147483644"},"NetworkSecurityLANManagerAuthenticationLevel":{"type":"String","metadata":{"displayName":"Network
+ security: LAN Manager authentication level","description":"Specify which challenge-response
+ authentication protocol is used for network logons. This choice affects the
+ level of authentication protocol used by clients, the level of session security
+ negotiated, and the level of authentication accepted by servers."},"defaultValue":"5"},"NetworkSecurityLDAPClientSigningRequirements":{"type":"String","metadata":{"displayName":"Network
+ security: LDAP client signing requirements","description":"Specify the level
+ of data signing that is requested on behalf of clients that issue LDAP BIND
+ requests."},"defaultValue":"1"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"type":"String","metadata":{"displayName":"Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ clients","description":"Specifies which behaviors are allowed by clients for
+ applications using the NTLM Security Support Provider (SSP). The SSP Interface
+ (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers
+ for more information."},"defaultValue":"537395200"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"type":"String","metadata":{"displayName":"Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ servers","description":"Specifies which behaviors are allowed by servers for
+ applications using the NTLM Security Support Provider (SSP). The SSP Interface
+ (SSPI) is used by applications that need authentication services."},"defaultValue":"537395200"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"type":"String","metadata":{"displayName":"Shutdown:
+ Allow system to be shut down without having to log on","description":"Specifies
+ whether a computer can be shut down when a user is not logged on. If this
+ policy setting is enabled, the shutdown command is available on the Windows
+ logon screen."},"defaultValue":"0"},"ShutdownClearVirtualMemoryPagefile":{"type":"String","metadata":{"displayName":"Shutdown:
+ Clear virtual memory pagefile","description":"Specifies whether the virtual
+ memory pagefile is cleared when the system is shut down. When this policy
+ setting is enabled, the system pagefile is cleared each time that the system
+ shuts down properly. For systems with large amounts of RAM, this could result
+ in substantial time needed to complete the shutdown."},"defaultValue":"0"},"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"String","metadata":{"displayName":"System
+ settings: Use Certificate Rules on Windows Executables for Software Restriction
+ Policies","description":"Specifies whether digital certificates are processed
+ when software restriction policies are enabled and a user or process attempts
+ to run software with an .exe file name extension. It enables or disables certificate
+ rules (a type of software restriction policies rule). For certificate rules
+ to take effect in software restriction policies, you must enable this policy
+ setting."},"defaultValue":"1"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"type":"String","metadata":{"displayName":"UAC:
+ Admin Approval Mode for the Built-in Administrator account","description":"Specifies
+ the behavior of Admin Approval Mode for the built-in Administrator account."},"defaultValue":"1"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC:
+ Behavior of the elevation prompt for administrators in Admin Approval Mode","description":"Specifies
+ the behavior of the elevation prompt for administrators."},"defaultValue":"2"},"UACDetectApplicationInstallationsAndPromptForElevation":{"type":"String","metadata":{"displayName":"UAC:
+ Detect application installations and prompt for elevation","description":"Specifies
+ the behavior of application installation detection for the computer."},"defaultValue":"1"},"UACRunAllAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC:
+ Run all administrators in Admin Approval Mode","description":"Specifies the
+ behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"},"EnforcePasswordHistory":{"type":"String","metadata":{"displayName":"Enforce
+ password history","description":"Specifies limits on password reuse - how
+ many times a new password must be created for a user account before the password
+ can be repeated."},"defaultValue":"24"},"MaximumPasswordAge":{"type":"String","metadata":{"displayName":"Maximum
+ password age","description":"Specifies the maximum number of days that may
+ elapse before a user account password must be changed. The format of the value
+ is two integers separated by a comma, denoting an inclusive range."},"defaultValue":"1,70"},"MinimumPasswordAge":{"type":"String","metadata":{"displayName":"Minimum
+ password age","description":"Specifies the minimum number of days that must
+ elapse before a user account password can be changed."},"defaultValue":"1"},"MinimumPasswordLength":{"type":"String","metadata":{"displayName":"Minimum
+ password length","description":"Specifies the minimum number of characters
+ that a user account password may contain."},"defaultValue":"14"},"PasswordMustMeetComplexityRequirements":{"type":"String","metadata":{"displayName":"Password
+ must meet complexity requirements","description":"Specifies whether a user
+ account password must be complex. If required, a complex password must not
+ contain part of user''s account name or full name; be at least 6 characters
+ long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."},"defaultValue":"1"},"AuditCredentialValidation":{"type":"String","metadata":{"displayName":"Audit
+ Credential Validation","description":"Specifies whether audit events are generated
+ when credentials are submitted for a user account logon request. This setting
+ is especially useful for monitoring unsuccessful attempts, to find brute-force
+ attacks, account enumeration, and potential account compromise events on domain
+ controllers."},"allowedValues":["No Auditing","Success","Failure","Success
+ and Failure"],"defaultValue":"Success and Failure"},"AuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"AuditGroupMembership":{"type":"String","metadata":{"displayName":"Audit
+ Group Membership","description":"Specifies whether audit events are generated
+ when group memberships are enumerated on the client computer."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditDetailedFileShare":{"type":"String","metadata":{"displayName":"Audit
+ Detailed File Share","description":"If this policy setting is enabled, access
+ to all shared files and folders on the system is audited. Auditing for Success
+ can lead to very high volumes of events."},"allowedValues":["No Auditing","Success","Failure","Success
+ and Failure"],"defaultValue":"No Auditing"},"AuditFileShare":{"type":"String","metadata":{"displayName":"Audit
+ File Share","description":"Specifies whether to audit events related to file
+ shares: creation, deletion, modification, and access attempts. Also, it shows
+ failed SMB SPN checks. Event volumes can be high on DCs and File Servers."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"AuditFileSystem":{"type":"String","metadata":{"displayName":"Audit
+ File System","description":"Specifies whether audit events are generated when
+ users attempt to access file system objects. Audit events are generated only
+ for objects that have configured system access control lists (SACLs)."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"AuditAuthenticationPolicyChange":{"type":"String","metadata":{"displayName":"Audit
+ Authentication Policy Change","description":"Specifies whether audit events
+ are generated when changes are made to authentication policy. This setting
+ is useful for tracking changes in domain-level and forest-level trust and
+ privileges that are granted to user accounts or groups."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditAuthorizationPolicyChange":{"type":"String","metadata":{"displayName":"Audit
+ Authorization Policy Change","description":"Specifies whether audit events
+ are generated for assignment and removal of user rights in user right policies,
+ changes in security token object permission, resource attributes changes and
+ Central Access Policy changes for file system objects."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"AuditOtherSystemEvents":{"type":"String","metadata":{"displayName":"Audit
+ Other System Events","description":"Specifies whether audit events are generated
+ for Windows Firewall Service and Windows Firewall driver start and stop events,
+ failure events for these services and Windows Firewall Service policy processing
+ failures."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"Users
+ or groups that may access this computer from the network","description":"Specifies
+ which remote users on the network are permitted to connect to the computer.
+ This does not include Remote Desktop Connection."},"defaultValue":"Administrators,
+ Authenticated Users"},"UsersOrGroupsThatMayLogOnLocally":{"type":"String","metadata":{"displayName":"Users
+ or groups that may log on locally","description":"Specifies which users or
+ groups can interactively log on to the computer. Users who attempt to log
+ on via Remote Desktop Connection or IIS also require this user right."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"type":"String","metadata":{"displayName":"Users
+ or groups that may log on through Remote Desktop Services","description":"Specifies
+ which users or groups are permitted to log on as a Terminal Services client,
+ Remote Desktop, or for Remote Assistance."},"defaultValue":"Administrators,
+ Remote Desktop Users"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied access to this computer from the network","description":"Specifies
+ which users or groups are explicitly prohibited from connecting to the computer
+ across the network."},"defaultValue":"Guests"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"type":"String","metadata":{"displayName":"Users
+ or groups that may manage auditing and security log","description":"Specifies
+ users and groups permitted to change the auditing options for files and directories
+ and clear the Security log."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"type":"String","metadata":{"displayName":"Users
+ or groups that may back up files and directories","description":"Specifies
+ users and groups allowed to circumvent file and directory permissions to back
+ up the system."},"defaultValue":"Administrators, Backup Operators"},"UsersOrGroupsThatMayChangeTheSystemTime":{"type":"String","metadata":{"displayName":"Users
+ or groups that may change the system time","description":"Specifies which
+ users and groups are permitted to change the time and date on the internal
+ clock of the computer."},"defaultValue":"Administrators, LOCAL SERVICE"},"UsersOrGroupsThatMayChangeTheTimeZone":{"type":"String","metadata":{"displayName":"Users
+ or groups that may change the time zone","description":"Specifies which users
+ and groups are permitted to change the time zone of the computer."},"defaultValue":"Administrators,
+ LOCAL SERVICE"},"UsersOrGroupsThatMayCreateATokenObject":{"type":"String","metadata":{"displayName":"Users
+ or groups that may create a token object","description":"Specifies which users
+ and groups are permitted to create an access token, which may provide elevated
+ rights to access sensitive data."},"defaultValue":"No One"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied logging on as a batch job","description":"Specifies
+ which users and groups are explicitly not permitted to log on to the computer
+ as a batch job (i.e. scheduled task)."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied logging on as a service","description":"Specifies
+ which service accounts are explicitly not permitted to register a process
+ as a service."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLocalLogon":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied local logon","description":"Specifies which users
+ and groups are explicitly not permitted to log on to the computer."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied log on through Remote Desktop Services","description":"Specifies
+ which users and groups are explicitly not permitted to log on to the computer
+ via Terminal Services/Remote Desktop Client."},"defaultValue":"Guests"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"type":"String","metadata":{"displayName":"User
+ and groups that may force shutdown from a remote system","description":"Specifies
+ which users and groups are permitted to shut down the computer from a remote
+ location on the network."},"defaultValue":"Administrators"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"type":"String","metadata":{"displayName":"Users
+ and groups that may restore files and directories","description":"Specifies
+ which users and groups are permitted to bypass file, directory, registry,
+ and other persistent object permissions when restoring backed up files and
+ directories."},"defaultValue":"Administrators, Backup Operators"},"UsersAndGroupsThatMayShutDownTheSystem":{"type":"String","metadata":{"displayName":"Users
+ and groups that may shut down the system","description":"Specifies which users
+ and groups who are logged on locally to the computers in your environment
+ are permitted to shut down the operating system with the Shut Down command."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"type":"String","metadata":{"displayName":"Users
+ or groups that may take ownership of files or other objects","description":"Specifies
+ which users and groups are permitted to take ownership of files, folders,
+ registry keys, processes, or threads. This user right bypasses any permissions
+ that are in place to protect objects to give ownership to the specified user."},"defaultValue":"Administrators"},"SendFileSamplesWhenFurtherAnalysisIsRequired":{"type":"String","metadata":{"displayName":"Send
+ file samples when further analysis is required","description":"Specifies whether
+ and how Windows Defender will submit samples of suspected malware to Microsoft
+ for further analysis when opt-in for MAPS telemetry is set."},"defaultValue":"1"},"AllowIndexingOfEncryptedFiles":{"type":"String","metadata":{"displayName":"Allow
+ indexing of encrypted files","description":"Specifies whether encrypted items
+ are allowed to be indexed."},"defaultValue":"0"},"AllowTelemetry":{"type":"String","metadata":{"displayName":"Allow
+ Telemetry","description":"Specifies configuration of the amount of diagnostic
+ and usage data reported to Microsoft. The data is transmitted securely and
+ sensitive data is not sent."},"defaultValue":"2"},"AllowUnencryptedTraffic":{"type":"String","metadata":{"displayName":"Allow
+ unencrypted traffic","description":"Specifies whether the Windows Remote Management
+ (WinRM) service sends and receives unencrypted messages over the network."},"defaultValue":"0"},"AlwaysInstallWithElevatedPrivileges":{"type":"String","metadata":{"displayName":"Always
+ install with elevated privileges","description":"Specifies whether Windows
+ Installer should use system permissions when it installs any program on the
+ system."},"defaultValue":"0"},"AlwaysPromptForPasswordUponConnection":{"type":"String","metadata":{"displayName":"Always
+ prompt for password upon connection","description":"Specifies whether Terminal
+ Services/Remote Desktop Connection always prompts the client computer for
+ a password upon connection."},"defaultValue":"1"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Application:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the Application event log in kilobytes."},"defaultValue":"32768"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"type":"String","metadata":{"displayName":"Automatically
+ send memory dumps for OS-generated error reports","description":"Specifies
+ if memory dumps in support of OS-generated error reports can be sent to Microsoft
+ automatically."},"defaultValue":"1"},"ConfigureDefaultConsent":{"type":"String","metadata":{"displayName":"Configure
+ Default consent","description":"Specifies setting of the default consent handling
+ for error reports sent to Microsoft."},"defaultValue":"4"},"ConfigureWindowsSmartScreen":{"type":"String","metadata":{"displayName":"Configure
+ Windows SmartScreen","description":"Specifies how to manage the behavior of
+ Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users
+ before running unrecognized programs downloaded from the Internet. Some information
+ is sent to Microsoft about files and programs run on PCs with this feature
+ enabled."},"defaultValue":"1"},"DisallowDigestAuthentication":{"type":"String","metadata":{"displayName":"Disallow
+ Digest authentication","description":"Specifies whether the Windows Remote
+ Management (WinRM) client will not use Digest authentication."},"defaultValue":"0"},"DisallowWinRMFromStoringRunAsCredentials":{"type":"String","metadata":{"displayName":"Disallow
+ WinRM from storing RunAs credentials","description":"Specifies whether the
+ Windows Remote Management (WinRM) service will not allow RunAs credentials
+ to be stored for any plug-ins."},"defaultValue":"1"},"DoNotAllowPasswordsToBeSaved":{"type":"String","metadata":{"displayName":"Do
+ not allow passwords to be saved","description":"Specifies whether to prevent
+ Remote Desktop Services - Terminal Services clients from saving passwords
+ on a computer."},"defaultValue":"1"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Security:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the Security event log in kilobytes."},"defaultValue":"196608"},"SetClientConnectionEncryptionLevel":{"type":"String","metadata":{"displayName":"Set
+ client connection encryption level","description":"Specifies whether to require
+ the use of a specific encryption level to secure communications between client
+ computers and RD Session Host servers during Remote Desktop Protocol (RDP)
+ connections. This policy only applies when you are using native RDP encryption."},"defaultValue":"3"},"SetTheDefaultBehaviorForAutoRun":{"type":"String","metadata":{"displayName":"Set
+ the default behavior for AutoRun","description":"Specifies the default behavior
+ for Autorun commands. Autorun commands are generally stored in autorun.inf
+ files. They often launch the installation program or other routines."},"defaultValue":"1"},"SetupSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Setup:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the Setup event log in kilobytes."},"defaultValue":"32768"},"SystemSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"System:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the System event log in kilobytes."},"defaultValue":"32768"},"TurnOffDataExecutionPreventionForExplorer":{"type":"String","metadata":{"displayName":"Turn
+ off Data Execution Prevention for Explorer","description":"Specifies whether
+ to turn off Data Execution Prevention for Windows File Explorer. Disabling
+ data execution prevention can allow certain legacy plug-in applications to
+ function without terminating Explorer."},"defaultValue":"0"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"type":"String","metadata":{"displayName":"Specify
+ the interval to check for definition updates","description":"Specifies an
+ interval at which to check for Windows Defender definition updates. The time
+ value is represented as the number of hours between update checks."},"defaultValue":"8"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesControlPanel","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","parameters":{"AlwaysUseClassicLogon":{"value":"[parameters(''AlwaysUseClassicLogon'')]"},"BootStartDriverInitializationPolicy":{"value":"[parameters(''BootStartDriverInitializationPolicy'')]"},"EnableWindowsNTPClient":{"value":"[parameters(''EnableWindowsNTPClient'')]"},"TurnOnConveniencePINSignin":{"value":"[parameters(''TurnOnConveniencePINSignin'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdminstrativeTemplatesMSSLegacy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefini
tions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsDevices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","parameters":{"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsInteractiveLogon","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652","parameters":{"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_Secu
rityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","parameters":{"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'')]"},"NetworkSecurityLANManagerAuthenticationLevel":{"value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel'')]"},"NetworkSecurityLDAPClientSigningRequirements":{"value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsShutdown","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","parameters":{"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},"ShutdownClearVirtualMemoryPagefile":{"value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsSystemobjects","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","parameters":{"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","parameters":{"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"UACDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},"UACRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","parameters":{"EnforcePasswordHistory":{"value":"[parame
ters(''EnforcePasswordHistory'')]"},"MaximumPasswordAge":{"value":"[parameters(''MaximumPasswordAge'')]"},"MinimumPasswordAge":{"value":"[parameters(''MinimumPasswordAge'')]"},"MinimumPasswordLength":{"value":"[parameters(''MinimumPasswordLength'')]"},"PasswordMustMeetComplexityRequirements":{"value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountLogon","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","parameters":{"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesLogonLogoff","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930","parameters":{"AuditGroupMembership":{"value":"[parameters(''AuditGroupMembership'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesObjectAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","parameters":{"AuditDetailedFileShare":{"value":"[parameters(''AuditDetailedFileShare'')]"},"AuditFileShare":{"value":"[parameters(''AuditFileShare'')]"},"AuditFileSystem":{"value":"[parameters(''AuditFileSystem'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesPolicyChange","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","parameters":{"AuditAuthenticationPolicyChange":{"value":"[parameters(''AuditAuthenticationPolicyChange'')]"},"AuditAuthorizationPolicyChange":{"value":"[parameters(''AuditAuthorizationPolicyChange'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesPrivilegeUse","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473","parameters":{"AuditOtherSystemEvents":{"value":"[parameters(''AuditOtherSystemEvents'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_UserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","parameters":{"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"UsersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"UsersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"UsersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"UsersOrGroupsThatMayCreat
eATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"UsersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"UsersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsComponents","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","parameters":{"SendFileSamplesWhenFurtherAnalysisIsRequired":{"value":"[parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired'')]"},"AllowIndexingOfEncryptedFiles":{"value":"[parameters(''AllowIndexingOfEncryptedFiles'')]"},"AllowTelemetry":{"value":"[parameters(''AllowTelemetry'')]"},"AllowUnencryptedTraffic":{"value":"[parameters(''AllowUnencryptedTraffic'')]"},"AlwaysInstallWithElevatedPrivileges":{"value":"[parameters(''AlwaysInstallWithElevatedPrivileges'')]"},"AlwaysPromptForPasswordUponConnection":{"value":"[parameters(''AlwaysPromptForPasswordUponConnection'')]"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB'')]"},"
AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"value":"[parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'')]"},"ConfigureDefaultConsent":{"value":"[parameters(''ConfigureDefaultConsent'')]"},"ConfigureWindowsSmartScreen":{"value":"[parameters(''ConfigureWindowsSmartScreen'')]"},"DisallowDigestAuthentication":{"value":"[parameters(''DisallowDigestAuthentication'')]"},"DisallowWinRMFromStoringRunAsCredentials":{"value":"[parameters(''DisallowWinRMFromStoringRunAsCredentials'')]"},"DoNotAllowPasswordsToBeSaved":{"value":"[parameters(''DoNotAllowPasswordsToBeSaved'')]"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SecuritySpecifyTheMaximumLogFileSizeKB'')]"},"SetClientConnectionEncryptionLevel":{"value":"[parameters(''SetClientConnectionEncryptionLevel'')]"},"SetTheDefaultBehaviorForAutoRun":{"value":"[parameters(''SetTheDefaultBehaviorForAutoRun'')]"},"SetupSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SetupSpecifyTheMaximumLogFileSizeKB'')]"},"SystemSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},"TurnOffDataExecutionPreventionForExplorer":{"value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewall
Rules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesControlPanel","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-a
e74-d4fe72ab786c"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdminstrativeTemplatesMSSLegacy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsDevices","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsInteractiveLogon","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkClient","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9"},{"policyDefin
itionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsShutdown","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsSystemobjects","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsSystemsettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsUserAccountControl","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecuritySettingsAccountPolicies","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountLogon","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8"},{"policyDefinitionReference
Id":"Audit_AzureBaseline_SystemAuditPoliciesLogonLogoff","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesObjectAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesPolicyChange","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesPrivilegeUse","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesSystem","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_UserRightsAssignment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsComponents","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897"},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d618d658-b2d0-410e-9e2e-bfbfd04d09fa","type":"Microsoft.Authorization/policySetDefinitions","name":"d618d658-b2d0-410e-9e2e-bfbfd04d09fa"},{"properties":{"displayName":"Audit
+ Windows VMs that have the specified applications installed","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ that have the specified applications installed. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should not be installed. e.g. ''Microsoft SQL
+ Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
+ Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows virtual machines
+ where Windows PowerShell is not configured to use the specified PowerShell
+ execution policy. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
+ Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsPowerShellExecutionPolicy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","parameters":{"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsPowerShellExecutionPolicy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f000289c-47af-4043-87da-91ba9e1a2720","type":"Microsoft.Authorization/policySetDefinitions","name":"f000289c-47af-4043-87da-91ba9e1a2720"},{"properties":{"displayName":"Audit
+ Linux VMs that have the specified applications installed","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Linux virtual machines
+ that have the specified applications installed. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
+ names","description":"A semicolon-separated list of the names of the applications
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"},{"properties":{"displayName":"test_policysetuepmyg","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:32:42.4267049Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy7rimd7fmj","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy7rimd7fmj","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset3jchrd","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset3jchrd"},{"properties":{"displayName":"test_policysetlsj2ud","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:31:38.9535237Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjokfikrdz","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjokfikrdz","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetebwv2g","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetebwv2g"},{"properties":{"displayName":"test_policysetdh2uwn","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:42:15.7239255Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policypatfxx3pj","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policypatfxx3pj","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetf65lk3","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetf65lk3"},{"properties":{"displayName":"test_policysetmnrkgg","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:19:30.8917085Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysdov2udt3","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysdov2udt3","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetjmlaev","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetjmlaev"},{"properties":{"displayName":"test_policyset4zburu","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:26:01.9876716Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy47rspm7hp","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy47rspm7hp","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetnhnkrw","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetnhnkrw"},{"properties":{"displayName":"test_policysetagnesy","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:43:36.3306361Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:43:37.7016967Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policygpylwrwp5","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policygpylwrwp5","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetnqjj5n","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetnqjj5n"},{"properties":{"displayName":"test_policysetj4tsbo","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:45:25.134793Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:45:26.926077Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyxv7afgzeg","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyxv7afgzeg","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysettdfnvq","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysettdfnvq"},{"properties":{"displayName":"test_policyset4xc3n5","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:44:54.171666Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:44:55.6483401Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymsn7m4arn","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymsn7m4arn","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetthsize","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetthsize"},{"properties":{"displayName":"test_policysetd6tome","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:46:09.3034966Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:46:10.8618629Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyc2zy35xy6","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyc2zy35xy6","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Updated
+ display name"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetwdmua4","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetwdmua4"},{"properties":{"displayName":"test_policysetk7pkce","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:10:43.6932587Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetxi3o4a","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetxi3o4a"}]}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '657275'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:27 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition delete
+ Connection:
+ - keep-alive
+ Content-Length:
+ - '0'
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: DELETE
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:47:11.7027808Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '763'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 23:47:28 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ x-ms-ratelimit-remaining-subscription-deletes:
+ - '14999'
+ status:
+ code: 200
+ message: OK
+version: 1
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml
index 1e37564e23d..04cf0a19d7b 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml
@@ -15,8 +15,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -32,7 +32,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:42 GMT
+ - Fri, 06 Dec 2019 22:27:22 GMT
expires:
- '-1'
pragma:
@@ -64,8 +64,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -81,7 +81,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:52 GMT
+ - Fri, 06 Dec 2019 22:27:32 GMT
expires:
- '-1'
pragma:
@@ -116,8 +116,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
@@ -133,7 +133,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:14:55 GMT
+ - Fri, 06 Dec 2019 22:27:34 GMT
expires:
- '-1'
location:
@@ -141,21 +141,15 @@ interactions:
pragma:
- no-cache
request-id:
- - 8eca73df-6574-4566-98f8-f5e4f4ef4581
- server:
- - Microsoft-IIS/10.0
+ - bcb4813e-8d2a-493b-a208-eb5d07592420
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- '1199'
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -173,66 +167,13 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
response:
body:
- string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Running"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '205'
- content-type:
- - application/json; charset=utf-8
- date:
- - Mon, 21 Oct 2019 05:15:06 GMT
- expires:
- - '-1'
- location:
- - https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
- pragma:
- - no-cache
- request-id:
- - c60c5905-bb0f-46be-ba83-cdbd98f1ff46
- server:
- - Microsoft-IIS/10.0
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
- x-ba-restapi:
- - 1.0.3.1532
- x-content-type-options:
- - nosniff
- x-powered-by:
- - ASP.NET
- status:
- code: 202
- message: Accepted
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - account management-group create
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
- response:
- body:
- string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2019-10-21T05:15:03.4252299Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}'
+ string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2019-12-06T22:27:38.8018169Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","parent":{"id":"/providers/Microsoft.Management/managementGroups/72f988bf-86f1-41af-91ab-2d7cd011db47","name":"72f988bf-86f1-41af-91ab-2d7cd011db47","displayName":"72f988bf-86f1-41af-91ab-2d7cd011db47"}}}}'
headers:
cache-control:
- no-cache
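Review bot: The re-recorded response body in this hunk commits a live directory tenant GUID (`"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47"`, repeated in the parent management-group id, name and displayName) and the recording principal's object id (`"updatedBy":"7140c269-e408-47a5-a626-a1d836b96883"`). Subscription ids elsewhere in these recordings are already replaced with `00000000-0000-0000-0000-000000000000`. The same object id also appears as `createdBy` in the policy definition and policy set responses in the later hunks of this file. These values are identifiers rather than credentials, but they tie the fixture to a specific tenant and account. The scrubbing step that zeroes subscription ids is not visible in this diff, so this is a suggestion to confirm: have it also replace `tenantId`, `createdBy` and `updatedBy` GUIDs with that same fixed placeholder before recordings are committed, and nothing in the visible recording suggests playback depends on the real values.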
@@ -241,29 +182,23 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:15:18 GMT
+ - Fri, 06 Dec 2019 22:27:46 GMT
expires:
- '-1'
pragma:
- no-cache
request-id:
- - bea8cea3-377e-436b-bab4-3d3dd2ebf913
- server:
- - Microsoft-IIS/10.0
+ - 6cbd2adc-681c-4d79-8893-11bebee6ea27
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
- chunked
vary:
- Accept-Encoding,Accept-Encoding
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 200
message: OK
@@ -271,8 +206,8 @@ interactions:
body: '{"properties": {"displayName": "test_policy000004", "description": "desc_for_test_policy_123",
"policyRule": {"if": {"not": {"field": "location", "in": "[parameters(''allowedLocations'')]"}},
"then": {"effect": "deny"}}, "parameters": {"allowedLocations": {"type": "array",
- "metadata": {"description": "The list of locations that can be specified when
- deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}'
+ "metadata": {"displayName": "Allowed locations", "description": "The list of
+ locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
@@ -283,32 +218,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '440'
+ - '414'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --params --display-name --description --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:20.1980098Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
+ string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:49.9073121Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '856'
+ - '832'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:19 GMT
+ - Fri, 06 Dec 2019 22:28:50 GMT
expires:
- '-1'
pragma:
@@ -318,15 +253,16 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- - '1199'
+ - '1198'
status:
code: 201
message: Created
- request:
- body: '{"properties": {"mode": "Microsoft.KeyVault.Data", "displayName": "test_data_policy000006",
+ body: '{"properties": {"mode": "Microsoft.DataCatalog.Data", "displayName": "test_data_policy000006",
"description": "desc_for_test_data_policy_123", "policyRule": {"if": {"field":
- "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType", "equals":
- "RSA"}, "then": {"effect": "audit"}}}}'
+ "Microsoft.DataCatalog.Data/catalog/entity/type", "equals": "SomeEntityType"},
+ "then": {"effect": "ModifyClassifications", "details": {"classificationsToAdd":
+ ["foo"], "classificationsToRemove": ["bar"]}}}}}'
headers:
Accept:
- application/json
@@ -337,30 +273,30 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '286'
+ - '379'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --mode --display-name --description --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:21.2314523Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}'
+ string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:53.5093005Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}'
headers:
cache-control:
- no-cache
content-length:
- - '695'
+ - '783'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:21 GMT
+ - Fri, 06 Dec 2019 22:28:53 GMT
expires:
- '-1'
pragma:
@@ -395,15 +331,15 @@ interactions:
ParameterSetName:
- -n --definitions --display-name --description --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:22.9815505Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"3666295227229577423","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:57.5457822Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"14738038015203011213","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
@@ -412,7 +348,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:22 GMT
+ - Fri, 06 Dec 2019 22:28:57 GMT
expires:
- '-1'
pragma:
@@ -422,7 +358,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- - '1197'
+ - '1199'
status:
code: 201
message: Created
@@ -440,15 +376,15 @@ interactions:
ParameterSetName:
- -n --display-name --description --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:22.9815505Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"3666295227229577423","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:57.5457822Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"14738038015203011213","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
@@ -457,7 +393,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:23 GMT
+ - Fri, 06 Dec 2019 22:28:58 GMT
expires:
- '-1'
pragma:
@@ -478,7 +414,9 @@ interactions:
"desc_for_test_policyset_123_new", "policyDefinitions": [{"policyDefinitionId":
"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003",
"parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast",
- "westus"]}}}, {"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]}}'
+ "westus"]}}, "policyDefinitionReferenceId": "14738038015203011213"}, {"policyDefinitionId":
+ "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005",
+ "policyDefinitionReferenceId": "8821142183218087599"}]}}'
headers:
Accept:
- application/json
@@ -489,21 +427,21 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '611'
+ - '720'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --display-name --description --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:22.9815505Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:16:24.6193468Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"3666295227229577423","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:57.5457822Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:29:01.3097162Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14738038015203011213","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
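Review bot: The re-recorded response body in this hunk commits a real-looking principal identifier in `"createdBy"` and `"updatedBy"` (`7140c269-e408-47a5-a626-a1d836b96883`), presumably the directory object ID of the account that ran the live test. The previous recording had the same fields with a different GUID, so each re-record publishes another identity from the test tenant. Since the resource names are already replaced with `000002`-style placeholders, the recording step could scrub these fields the same way, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"` (constructed placeholder), assuming no test asserts on the value. The same applies to the create response earlier in this file and to the `metadata` blocks of the other re-recorded cassettes; the interaction continues outside this hunk.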
@@ -512,7 +450,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:24 GMT
+ - Fri, 06 Dec 2019 22:29:00 GMT
expires:
- '-1'
pragma:
@@ -526,7 +464,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- - '1199'
+ - '1198'
status:
code: 200
message: OK
@@ -544,12 +482,12 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -596,7 +534,7 @@ interactions:
of regions where Network Watcher should be enabled","description":"To see
a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
of virtual machine extensions that are approved for use","description":"To
- see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{
"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReference
Id":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8
e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5"
,"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -662,7 +600,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -761,7 +699,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -887,7 +843,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -903,7 +863,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -1086,6 +1046,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -1184,7 +1334,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -1571,16 +1795,16 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:22.9815505Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:16:24.6193468Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"3666295227229577423","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:57.5457822Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:29:01.3097162Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14738038015203011213","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '339752'
+ - '645673'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:24 GMT
+ - Fri, 06 Dec 2019 22:29:02 GMT
expires:
- '-1'
pragma:
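Review bot: The re-recorded response body on the `+` line of this hunk stores `"createdBy":"7140c269-e408-47a5-a626-a1d836b96883"` and the matching `updatedBy` unscrubbed, while the management group and policy names beside it are replaced with `cli-test-mgmt-group000002`-style placeholders. Judging by the field names, this is the directory object id of the account that made the recording; the previous recording carried a different id, so the value changes on every re-record and pins an account identifier in the repository. Consider having the recording scrubber rewrite both fields to a fixed placeholder such as `00000000-0000-0000-0000-000000000000`; the same body repeats in the hunks at `@@ -1610,15 +1834,15 @@` and `@@ -1659,15 +1883,15 @@`. An object id is not a credential, so this is recording hygiene and diff-noise reduction, not a leaked secret.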
@@ -1610,15 +1834,15 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:22.9815505Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:16:24.6193468Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"3666295227229577423","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:57.5457822Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:29:01.3097162Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14738038015203011213","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
@@ -1627,7 +1851,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:26 GMT
+ - Fri, 06 Dec 2019 22:29:03 GMT
expires:
- '-1'
pragma:
@@ -1659,15 +1883,15 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:22.9815505Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:16:24.6193468Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"3666295227229577423","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:57.5457822Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:29:01.3097162Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"14738038015203011213","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
@@ -1676,7 +1900,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:27 GMT
+ - Fri, 06 Dec 2019 22:29:07 GMT
expires:
- '-1'
pragma:
@@ -1708,12 +1932,12 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -1760,7 +1984,7 @@ interactions:
of regions where Network Watcher should be enabled","description":"To see
a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
of virtual machine extensions that are approved for use","description":"To
- see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{
"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReference
Id":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8
e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5"
,"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -1826,7 +2050,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -1925,7 +2149,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -2051,7 +2293,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -2067,7 +2313,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -2250,43 +2496,233 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
- Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
- initiative deploys the policy requirements and audits Windows Server virtual
- machines on which Windows Serial Console is not enabled. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"parameters":{"EMSPortNumber":{"type":"String","metadata":{"displayName":"EMS
- Port Number","description":"An integer indicating the COM port to be used
- for the Emergency Management Services (EMS) console redirection. For more
- information on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["1","2","3","4"],"defaultValue":"1"},"EMSBaudRate":{"type":"String","metadata":{"displayName":"EMS
- Baud Rate","description":"An integer indicating the baud rate to be used for
- the Emergency Management Services (EMS) console redirection. For more information
- on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsSerialConsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","parameters":{"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsSerialConsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/acb6cd8e-45f5-466f-b3cb-ff6fce525f71","type":"Microsoft.Authorization/policySetDefinitions","name":"acb6cd8e-45f5-466f-b3cb-ff6fce525f71"},{"properties":{"displayName":"Audit
- Windows VMs in which the Administrators group contains any of the specified
- members","policyType":"BuiltIn","description":"This initiative deploys the
- policy requirements and audits Windows virtual machines in which the Administrators
- group contains any of the specified members. For more information on Guest
- Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"Members
- to exclude","description":"A semicolon-separated list of members that should
- be excluded in the Administrators local group. Ex: Administrator; myUser1;
- myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Preview]:
- Audit Windows VMs that contain certificates expiring within the specified
- number of days","policyType":"BuiltIn","description":"This initiative deploys
- the policy requirements and audits Windows virtual machines that contain certificates
- expiring within the specified number of days. For more information on Guest
- Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"Certificate
- store path","description":"The path to the certificate store containing the
- certificates to check the expiration dates of. Default value is ''Cert:''
- which is the root certificate store path, so all certificates on the machine
- will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'',
- ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"Expiration
- limit in days","description":"An integer indicating the number of days within
- which to check for certificates that are expiring. For example, if this value
- is 30, any certificate expiring within the next 30 days will cause this policy
- to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"Certificate
- thumbprints to include","description":"A semicolon-separated list of certificate
- thumbprints to check under the specified path. If a value is not specified,
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
+ Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
+ initiative deploys the policy requirements and audits Windows Server virtual
+ machines on which Windows Serial Console is not enabled. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"EMSPortNumber":{"type":"String","metadata":{"displayName":"EMS
+ Port Number","description":"An integer indicating the COM port to be used
+ for the Emergency Management Services (EMS) console redirection. For more
+ information on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["1","2","3","4"],"defaultValue":"1"},"EMSBaudRate":{"type":"String","metadata":{"displayName":"EMS
+ Baud Rate","description":"An integer indicating the baud rate to be used for
+ the Emergency Management Services (EMS) console redirection. For more information
+ on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsSerialConsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","parameters":{"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsSerialConsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/acb6cd8e-45f5-466f-b3cb-ff6fce525f71","type":"Microsoft.Authorization/policySetDefinitions","name":"acb6cd8e-45f5-466f-b3cb-ff6fce525f71"},{"properties":{"displayName":"Audit
+ Windows VMs in which the Administrators group contains any of the specified
+ members","policyType":"BuiltIn","description":"This initiative deploys the
+ policy requirements and audits Windows virtual machines in which the Administrators
+ group contains any of the specified members. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}}},{"policyDefinitionReferenceId":"Audit_AdministratorsGroupMembersToExclude","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175","type":"Microsoft.Authorization/policySetDefinitions","name":"add1999e-a61c-46d3-b8c3-f35fb8398175"},{"properties":{"displayName":"[Preview]:
+ Audit Windows VMs that contain certificates expiring within the specified
+ number of days","policyType":"BuiltIn","description":"This initiative deploys
+ the policy requirements and audits Windows virtual machines that contain certificates
+ expiring within the specified number of days. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"Certificate
+ store path","description":"The path to the certificate store containing the
+ certificates to check the expiration dates of. Default value is ''Cert:''
+ which is the root certificate store path, so all certificates on the machine
+ will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'',
+ ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"Expiration
+ limit in days","description":"An integer indicating the number of days within
+ which to check for certificates that are expiring. For example, if this value
+ is 30, any certificate expiring within the next 30 days will cause this policy
+ to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints to include","description":"A semicolon-separated list of certificate
+ thumbprints to check under the specified path. If a value is not specified,
all certificates under the certificate store path will be checked. If a value
is specified, no certificates other than those with the thumbprints specified
will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"CertificateThumbprintsToExclude":{"type":"String","metadata":{"displayName":"Certificate
@@ -2348,7 +2784,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -2740,11 +3250,11 @@ interactions:
cache-control:
- no-cache
content-length:
- - '338561'
+ - '644482'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:38 GMT
+ - Fri, 06 Dec 2019 22:29:18 GMT
expires:
- '-1'
pragma:
@@ -2763,9 +3273,9 @@ interactions:
- request:
body: '{"properties": {"displayName": "test_policyset000008_new", "description":
"desc_for_test_policyset_123_new", "parameters": {"allowedLocations": {"type":
- "array", "metadata": {"description": "The list of locations that can be specified
- when deploying resources", "strongType": "location", "displayName": "Allowed
- locations"}}}, "policyDefinitions": [{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003",
+ "array", "metadata": {"displayName": "Allowed locations", "description": "The
+ list of locations that can be specified when deploying resources"}}}, "policyDefinitions":
+ [{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003",
"parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}},
{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]}}'
headers:
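Review bot: The re-recorded PUT body for `allowedLocations` no longer contains `"strongType": "location"` in the parameter `metadata`; the removed lines had it, and the added lines carry only `displayName` and `description`. If the test's parameter input is unchanged (not visible in this hunk), the key is being lost on the client before the request is sent, presumably while the newer SDK model serializes the metadata. Policy set definitions created through the CLI would then lose it without any error. Once the key survives serialization, the cassette should be re-recorded so the body again includes `"strongType": "location"` inside `metadata`, and the test should check that `strongType` is present in the response. The recorded request entry continues past the end of this hunk.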
@@ -2778,32 +3288,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '813'
+ - '787'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --definitions --display-name --description --params --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:40.7378837Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11341061792879908148","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:29:23.4883894Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"17701587874268270587","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
content-length:
- - '1325'
+ - '1300'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:40 GMT
+ - Fri, 06 Dec 2019 22:29:23 GMT
expires:
- '-1'
pragma:
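Review bot: The re-recorded response body in this hunk commits the `createdBy` object id `7140c269-e408-47a5-a626-a1d836b96883` verbatim, while the management group and policy names on the same lines are replaced by placeholders such as `cli-test-mgmt-group000002`. The same id is repeated as `createdBy` and `updatedBy` in the GET, PUT and DELETE responses of the following hunks. It looks like the directory object id of the account that recorded the test, which should be confirmed. The removed lines show the previous recording carried a different id in the same field, so the pattern predates this commit. Consider having the recording step replace these two fields with a fixed placeholder, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"`, so that cassettes do not publish principal identifiers and do not churn on every re-record.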
@@ -2813,7 +3323,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-writes:
- - '1198'
+ - '1199'
status:
code: 201
message: Created
@@ -2831,26 +3341,26 @@ interactions:
ParameterSetName:
- -n --params --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:40.7378837Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11341061792879908148","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:29:23.4883894Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"17701587874268270587","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
content-length:
- - '1325'
+ - '1300'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:41 GMT
+ - Fri, 06 Dec 2019 22:29:23 GMT
expires:
- '-1'
pragma:
@@ -2871,8 +3381,10 @@ interactions:
"desc_for_test_policyset_123_new", "parameters": {"allowedLocations": {"type":
"array", "metadata": {"displayName": "Allowed locations 2"}}}, "policyDefinitions":
[{"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003",
- "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}},
- {"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]}}'
+ "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}},
+ "policyDefinitionReferenceId": "17701587874268270587"}, {"policyDefinitionId":
+ "/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005",
+ "policyDefinitionReferenceId": "8821142183218087599"}]}}'
headers:
Accept:
- application/json
@@ -2883,31 +3395,31 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '702'
+ - '811'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --params --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:40.7378837Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:16:42.3370451Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11341061792879908148","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:29:23.4883894Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:29:27.5354895Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"17701587874268270587","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
content-length:
- - '1278'
+ - '1277'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:41 GMT
+ - Fri, 06 Dec 2019 22:29:26 GMT
expires:
- '-1'
pragma:
@@ -2941,25 +3453,25 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:40.7378837Z","updatedBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","updatedOn":"2019-10-21T05:16:42.3370451Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11341061792879908148","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"15249318553143829863","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
+ string: '{"properties":{"displayName":"test_policyset000008_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:29:23.4883894Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T22:29:27.5354895Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"17701587874268270587","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8821142183218087599","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005"}]},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000007","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000007"}'
headers:
cache-control:
- no-cache
content-length:
- - '1278'
+ - '1277'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:43 GMT
+ - Fri, 06 Dec 2019 22:29:29 GMT
expires:
- '-1'
pragma:
@@ -2991,12 +3503,12 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -3043,7 +3555,7 @@ interactions:
of regions where Network Watcher should be enabled","description":"To see
a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
of virtual machine extensions that are approved for use","description":"To
- see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{
"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReference
Id":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8
e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5"
,"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -3109,7 +3621,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -3208,7 +3720,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -3334,7 +3864,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -3350,7 +3884,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -3533,6 +4067,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -3631,7 +4355,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -4023,11 +4821,11 @@ interactions:
cache-control:
- no-cache
content-length:
- - '338561'
+ - '644482'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:54 GMT
+ - Fri, 06 Dec 2019 22:29:41 GMT
expires:
- '-1'
pragma:
@@ -4059,26 +4857,26 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:20.1980098Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
+ string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:49.9073121Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'
headers:
cache-control:
- no-cache
content-length:
- - '856'
+ - '832'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:16:55 GMT
+ - Fri, 06 Dec 2019 22:29:45 GMT
expires:
- '-1'
pragma:
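Review bot: The re-recorded response body in this hunk (the added `string:` line of the DELETE policyDefinitions interaction) still contains a `createdBy` GUID, `7140c269-e408-47a5-a626-a1d836b96883`, which appears to be the directory object ID of the account that made the recording. The names and management group are already replaced with `000002`/`000003`-style placeholders, so this field presumably bypasses the scrubbing step; that is inferred from the recording, not confirmed against the test framework. I would have the recording processor rewrite the field before the cassette is written, so it reads `"createdBy":"00000000-0000-0000-0000-000000000000"`, and then re-record. The same field appears in the next hunk's added body, which continues past the end of this view.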
@@ -4092,7 +4890,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-deletes:
- - '14998'
+ - '14999'
status:
code: 200
message: OK
@@ -4112,24 +4910,24 @@ interactions:
ParameterSetName:
- -n --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"21cd756e-e290-4a26-9547-93e8cc1a8923","createdOn":"2019-10-21T05:16:21.2314523Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}'
+ string: '{"properties":{"displayName":"test_data_policy000006","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:28:53.5093005Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000005","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000005"}'
headers:
cache-control:
- no-cache
content-length:
- - '695'
+ - '783'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:17:06 GMT
+ - Fri, 06 Dec 2019 22:29:59 GMT
expires:
- '-1'
pragma:
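Review bot: The re-recorded body on the added `string:` line still carries `metadata.createdBy` as a raw GUID, presumably the directory object ID of the account that made the recording, although resource names in the same body are replaced by placeholders such as `azure-cli-test-data-policy000005`. An identity identifier in a checked-in cassette is not a secret, but it is tenant-specific data that need not be published, and it changes on every re-record, which adds churn to the diff. Consider masking it when the cassette is written, so the recorded value becomes a fixed placeholder such as `"createdBy":"00000000-0000-0000-0000-000000000000"`. The same field appears in the body of the preceding interaction in this file.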
@@ -4161,23 +4959,52 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4185,12 +5012,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -4203,7 +5086,10 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Vulnerability
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
Assessment settings for SQL server should contain an email address to receive
scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send scan reports to'' field in
@@ -4216,12 +5102,44 @@ interactions:
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -4240,12 +5158,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -4254,11 +5190,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -4271,13 +5246,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -4286,19 +5274,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -4308,7 +5328,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -4329,10 +5384,27 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Custom
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4340,7 +5412,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4351,7 +5432,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4371,7 +5455,26 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4391,7 +5494,15 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4399,24 +5510,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -4431,7 +5588,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -4439,19 +5605,42 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
@@ -4462,7 +5651,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4487,24 +5691,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4517,7 +5744,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -4532,37 +5761,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Service
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Service Bus not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -4574,7 +5865,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4592,14 +5901,57 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"App
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any App Service not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4613,7 +5965,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -4643,7 +6023,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4651,7 +6038,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4670,35 +6063,59 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4706,31 +6123,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -4779,7 +6216,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4790,33 +6230,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -4846,7 +6339,32 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4863,22 +6381,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4908,11 +6447,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -4936,7 +6505,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4958,13 +6540,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -4973,7 +6598,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -4982,12 +6614,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5003,7 +6674,13 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
@@ -5013,7 +6690,36 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -5034,19 +6740,90 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5063,7 +6840,17 @@ interactions:
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
custom IPsec/IKE policy must be applied to all Azure virtual network gateway
connections","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that all Azure virtual network gateway connections use a custom Internet
@@ -5075,37 +6862,146 @@ interactions:
Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
- Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Connection
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5133,7 +7029,10 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5149,16 +7048,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -5170,7 +7091,13 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
@@ -5188,7 +7115,11 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5200,7 +7131,10 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5226,19 +7160,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5246,7 +7248,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5263,16 +7282,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5291,7 +7332,35 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5318,29 +7387,108 @@ interactions:
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5348,7 +7496,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -5460,14 +7620,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5482,7 +7664,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5490,13 +7693,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
the specified tag and value when any resource group missing this tag is created
@@ -5505,17 +7708,60 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Allowed
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -5529,12 +7775,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -5557,7 +7854,28 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5566,20 +7884,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5588,14 +7932,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5606,13 +7960,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -5713,7 +8082,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -5725,7 +8122,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5743,11 +8181,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5755,7 +8221,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -5775,15 +8252,37 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5797,19 +8296,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5838,7 +8378,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5846,14 +8401,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5986,7 +8544,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6008,19 +8569,40 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6048,19 +8630,53 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6068,7 +8684,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6093,7 +8713,13 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
@@ -6123,7 +8749,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -6140,21 +8792,84 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
@@ -6163,13 +8878,25 @@ interactions:
of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6177,14 +8904,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -6197,20 +8932,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -6219,7 +9006,10 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
@@ -6230,21 +9020,49 @@ interactions:
Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux virtual machines if the Log Analytics agent
is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"DDoS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6257,22 +9075,60 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
@@ -6281,18 +9137,38 @@ interactions:
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"SQL
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any SQL Server not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6302,22 +9178,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -6325,7 +9229,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -6352,14 +9262,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -6368,7 +9293,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6376,20 +9304,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6419,7 +9361,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6427,7 +9399,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6476,7 +9464,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6484,7 +9479,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -6509,7 +9513,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6530,7 +9565,41 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"[Deprecated]:
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
@@ -6552,7 +9621,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -6627,7 +9698,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -6639,6 +9727,13 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
@@ -6647,7 +9742,22 @@ interactions:
Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Container Registry not configured to use a virtual network
service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6688,19 +9798,60 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6708,7 +9859,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -6729,13 +9883,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -6757,11 +9911,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6780,7 +9953,10 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Inherit
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
or replaces the specified tag and value from the parent resource group when
any resource is created or updated. Existing resources can be remediated by
@@ -6789,13 +9965,19 @@ interactions:
parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6806,14 +9988,37 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Add
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
or replaces the specified tag and value when any resource group is created
or updated. Existing resource groups can be remediated by triggering a remediation
@@ -6829,11 +10034,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -6843,30 +10067,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Virtual
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual machine connected to a virtual network that is not
approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
- network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Event
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Event Hub not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6878,7 +10199,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6903,13 +10240,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Cosmos DB not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6927,11 +10277,36 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -6939,7 +10314,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Azure
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
@@ -6990,7 +10374,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7022,14 +10412,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7049,29 +10461,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -7079,16 +10511,52 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Inherit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
the specified tag with its value from the parent resource group when any resource
missing this tag is created or updated. Existing resources can be remediated
@@ -7100,7 +10568,24 @@ interactions:
Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Key Vault not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Log
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without log_checkpoints
setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7130,13 +10615,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -7148,7 +10633,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -7164,16 +10655,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"The
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -7192,7 +10745,16 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual network if the default route does not point to the
specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -7207,13 +10769,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -7225,7 +10787,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7241,7 +10820,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -7258,7 +10840,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7293,7 +10877,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7329,13 +10919,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7343,11 +10962,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7372,20 +11000,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7393,7 +11070,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -7403,8 +11108,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7412,8 +11129,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7421,8 +11155,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7431,14 +11177,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -7448,43 +11214,104 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '907940'
+ - '1630719'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:17:18 GMT
+ - Fri, 06 Dec 2019 22:30:11 GMT
expires:
- '-1'
pragma:
@@ -7514,23 +11341,52 @@ interactions:
ParameterSetName:
- --management-group
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7538,12 +11394,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -7556,7 +11468,10 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Vulnerability
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
Assessment settings for SQL server should contain an email address to receive
scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send scan reports to'' field in
@@ -7569,12 +11484,44 @@ interactions:
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -7593,12 +11540,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -7607,11 +11572,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -7624,13 +11628,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -7639,19 +11656,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -7661,7 +11710,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -7682,10 +11766,27 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Custom
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -7693,7 +11794,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7704,7 +11814,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7724,7 +11837,26 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7744,7 +11876,15 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7752,24 +11892,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -7784,7 +11970,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -7792,19 +11987,42 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
@@ -7815,7 +12033,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7840,24 +12073,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7870,7 +12126,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -7885,37 +12143,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Service
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Service Bus not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -7927,7 +12247,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7945,14 +12283,57 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"App
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any App Service not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -7966,7 +12347,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -7996,7 +12405,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -8004,7 +12420,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8023,35 +12445,59 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8059,31 +12505,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -8132,7 +12598,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8143,33 +12612,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -8199,7 +12721,32 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -8216,22 +12763,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8261,11 +12829,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -8289,7 +12887,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8311,13 +12922,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -8326,7 +12980,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -8335,12 +12996,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8356,7 +13056,13 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
@@ -8366,7 +13072,36 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -8387,19 +13122,90 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -8416,7 +13222,17 @@ interactions:
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
custom IPsec/IKE policy must be applied to all Azure virtual network gateway
connections","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that all Azure virtual network gateway connections use a custom Internet
@@ -8428,37 +13244,146 @@ interactions:
Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
- Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Connection
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8486,7 +13411,10 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8502,16 +13430,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -8523,7 +13473,13 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
@@ -8541,7 +13497,11 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -8553,7 +13513,10 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8579,19 +13542,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8599,7 +13630,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8616,16 +13664,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8644,7 +13714,35 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8671,29 +13769,108 @@ interactions:
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8701,7 +13878,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -8813,14 +14002,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -8835,7 +14046,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8843,13 +14075,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
the specified tag and value when any resource group missing this tag is created
@@ -8858,17 +14090,60 @@ interactions:
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Allowed
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -8882,12 +14157,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -8910,7 +14236,28 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -8919,20 +14266,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8941,14 +14314,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8959,13 +14342,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -9066,7 +14464,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -9078,7 +14504,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9096,11 +14563,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9108,7 +14603,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -9128,15 +14634,37 @@ interactions:
['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9150,19 +14678,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9191,7 +14760,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9199,14 +14783,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9339,7 +14926,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9361,19 +14951,40 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9401,19 +15012,53 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9421,7 +15066,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9446,7 +15095,13 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
@@ -9476,7 +15131,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -9493,21 +15174,84 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
@@ -9516,13 +15260,25 @@ interactions:
of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9530,14 +15286,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -9550,20 +15314,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -9572,7 +15388,10 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
@@ -9583,21 +15402,49 @@ interactions:
Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux virtual machines if the Log Analytics agent
is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"DDoS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9610,22 +15457,60 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
@@ -9634,18 +15519,38 @@ interactions:
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"SQL
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any SQL Server not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9655,22 +15560,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -9678,7 +15611,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -9705,14 +15644,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -9721,7 +15675,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9729,20 +15686,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9772,7 +15743,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9780,7 +15781,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9829,7 +15846,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9837,7 +15861,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -9862,7 +15895,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9883,7 +15947,41 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"[Deprecated]:
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
@@ -9905,7 +16003,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -9980,7 +16080,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -9992,6 +16109,13 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
@@ -10000,7 +16124,22 @@ interactions:
Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Container Registry not configured to use a virtual network
service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10041,19 +16180,60 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10061,7 +16241,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -10082,13 +16265,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -10110,11 +16293,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10133,7 +16335,10 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Inherit
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
or replaces the specified tag and value from the parent resource group when
any resource is created or updated. Existing resources can be remediated by
@@ -10142,13 +16347,19 @@ interactions:
parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10159,14 +16370,37 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Add
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
or replaces the specified tag and value when any resource group is created
or updated. Existing resource groups can be remediated by triggering a remediation
@@ -10182,11 +16416,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -10196,30 +16449,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Virtual
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual machine connected to a virtual network that is not
approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
- network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Event
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Event Hub not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -10231,7 +16581,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10256,13 +16622,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Cosmos DB not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10280,11 +16659,36 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -10292,7 +16696,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Azure
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
@@ -10343,7 +16756,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10375,14 +16794,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10402,29 +16843,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -10432,16 +16893,52 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Inherit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
the specified tag with its value from the parent resource group when any resource
missing this tag is created or updated. Existing resources can be remediated
@@ -10453,7 +16950,24 @@ interactions:
Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Key Vault not configured to use a virtual network service
endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Log
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without log_checkpoints
setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -10483,13 +16997,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -10501,7 +17015,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -10517,16 +17037,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"The
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -10545,7 +17127,16 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any virtual network if the default route does not point to the
specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -10560,13 +17151,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -10578,7 +17169,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10594,7 +17202,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -10611,7 +17222,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10646,7 +17259,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10682,13 +17301,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10696,11 +17344,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10725,20 +17382,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10746,7 +17452,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -10756,8 +17490,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10765,8 +17511,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10774,8 +17537,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10784,14 +17559,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10801,43 +17596,104 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '907940'
+ - '1630719'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:17:19 GMT
+ - Fri, 06 Dec 2019 22:30:14 GMT
expires:
- '-1'
pragma:
@@ -10869,8 +17725,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: POST
@@ -10886,7 +17742,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:17:27 GMT
+ - Fri, 06 Dec 2019 22:30:18 GMT
expires:
- '-1'
pragma:
@@ -10918,8 +17774,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-resource/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
@@ -10935,7 +17791,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:17:37 GMT
+ - Fri, 06 Dec 2019 22:30:29 GMT
expires:
- '-1'
pragma:
@@ -10967,8 +17823,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
@@ -10984,7 +17840,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:17:42 GMT
+ - Fri, 06 Dec 2019 22:30:32 GMT
expires:
- '-1'
location:
@@ -10992,74 +17848,15 @@ interactions:
pragma:
- no-cache
request-id:
- - 0e047624-0bcf-4dd4-aea4-381a568c88ee
- server:
- - Microsoft-IIS/10.0
+ - 4759160e-fbe1-40b0-bab0-5b2d74a26885
strict-transport-security:
- max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-tenant-deletes:
- '14999'
- x-powered-by:
- - ASP.NET
- status:
- code: 202
- message: Accepted
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - account management-group delete
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
- response:
- body:
- string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"NotStarted"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '208'
- content-type:
- - application/json; charset=utf-8
- date:
- - Mon, 21 Oct 2019 05:17:53 GMT
- expires:
- - '-1'
- location:
- - https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
- pragma:
- - no-cache
- request-id:
- - fd557320-fb3f-42ee-8655-82f14a19868e
- server:
- - Microsoft-IIS/10.0
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-aspnet-version:
- - 4.0.30319
- x-ba-restapi:
- - 1.0.3.1532
- x-content-type-options:
- - nosniff
- x-powered-by:
- - ASP.NET
status:
code: 202
message: Accepted
@@ -11077,8 +17874,8 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
- azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.75
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-managementgroups/0.2.0 Azure-SDK-For-Python AZURECLI/2.0.77
method: GET
uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview
response:
@@ -11092,29 +17889,23 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 21 Oct 2019 05:18:04 GMT
+ - Fri, 06 Dec 2019 22:30:43 GMT
expires:
- '-1'
pragma:
- no-cache
request-id:
- - 823a1aca-a94d-4789-9202-81f1686ae638
- server:
- - Microsoft-IIS/10.0
+ - b9ca3cd9-a46c-4ef9-8e6c-36210d758867
strict-transport-security:
- max-age=31536000; includeSubDomains
transfer-encoding:
- chunked
vary:
- Accept-Encoding,Accept-Encoding
- x-aspnet-version:
- - 4.0.30319
x-ba-restapi:
- - 1.0.3.1532
+ - 1.0.3.1543
x-content-type-options:
- nosniff
- x-powered-by:
- - ASP.NET
status:
code: 200
message: OK
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_subscription_id.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_subscription_id.yaml
index fbb74b02f19..96d2f37f790 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_subscription_id.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_subscription_id.yaml
@@ -3,8 +3,8 @@ interactions:
body: '{"properties": {"displayName": "test_policy000003", "description": "desc_for_test_policy_123",
"policyRule": {"if": {"not": {"field": "location", "in": "[parameters(''allowedLocations'')]"}},
"then": {"effect": "deny"}}, "parameters": {"allowedLocations": {"type": "array",
- "metadata": {"description": "The list of locations that can be specified when
- deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}'
+ "metadata": {"displayName": "Allowed locations", "description": "The list of
+ locations that can be specified when deploying resources"}}}}}'
headers:
Accept:
- application/json
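Review bot: The re-recorded request body for the `allowedLocations` parameter no longer carries `"strongType": "location"` in its metadata, and the `Content-Length` in the next hunk drops from 440 to 414 to match. The recorded response there omits it as well. If the test still passes `strongType` in `--params`, the field is presumably being dropped on the client side after the azure-mgmt-resource 6.0 upgrade, which would silently change the policy definitions users create. Please confirm against the test input; if it is unchanged, an assertion along the lines of `self.check('parameters.allowedLocations.metadata.strongType', 'location')` in the scenario test would keep a recording from drifting this way unnoticed.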
@@ -15,32 +15,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '440'
+ - '414'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --params --display-name --description --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:03.3091814Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:32.3665105Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '828'
+ - '804'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:03 GMT
+ - Fri, 06 Dec 2019 23:11:32 GMT
expires:
- '-1'
pragma:
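Review bot: The recorded response body keeps a real-looking principal object id in `metadata.createdBy` (`7140c269-…`, replacing the earlier `327c26bf-…`), while the subscription id in the same body is masked to all zeros. The same value recurs in the `createdBy` fields of the two later response bodies in this file. An object id is not a credential, but it identifies the account that recorded the tests and gives the cassette needless churn on every re-record. Consider masking it in the recording processor the same way the subscription id is handled, e.g. to a constructed placeholder such as `"createdBy":"00000000-0000-0000-0000-000000000000"`.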
@@ -55,10 +55,11 @@ interactions:
code: 201
message: Created
- request:
- body: '{"properties": {"mode": "Microsoft.KeyVault.Data", "displayName": "test_data_policy000005",
+ body: '{"properties": {"mode": "Microsoft.DataCatalog.Data", "displayName": "test_data_policy000005",
"description": "desc_for_test_data_policy_123", "policyRule": {"if": {"field":
- "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType", "equals":
- "RSA"}, "then": {"effect": "audit"}}}}'
+ "Microsoft.DataCatalog.Data/catalog/entity/type", "equals": "SomeEntityType"},
+ "then": {"effect": "ModifyClassifications", "details": {"classificationsToAdd":
+ ["foo"], "classificationsToRemove": ["bar"]}}}}}'
headers:
Accept:
- application/json
@@ -69,30 +70,30 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '286'
+ - '379'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --rules --mode --display-name --description --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:04.053915Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
+ string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:33.6963766Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
headers:
cache-control:
- no-cache
content-length:
- - '666'
+ - '755'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:03 GMT
+ - Fri, 06 Dec 2019 23:11:33 GMT
expires:
- '-1'
pragma:
@@ -127,24 +128,24 @@ interactions:
ParameterSetName:
- -n --definitions --display-name --description --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:05.9971505Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"11861501872653762150","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:36.1917474Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"18306635568777899405","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1039'
+ - '1038'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:06 GMT
+ - Fri, 06 Dec 2019 23:11:35 GMT
expires:
- '-1'
pragma:
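Review bot: The re-recorded response body on the `+ string:` line of this hunk keeps a real-looking GUID in `metadata.createdBy`, while the subscription ID in the same payload is scrubbed to `00000000-0000-0000-0000-000000000000`. The value changed from `327c26bf-…` to `7140c269-…` with the new recording, so it is presumably the directory object ID of whichever account ran the test; confirm this before merging. The same field, plus `updatedBy`, appears in the hunks at `@@ -172,24 +173,24 @@` and `@@ -221,21 +224,21 @@`. Consider having the recording scrubber normalise these fields the same way, so the cassette would read `"createdBy":"00000000-0000-0000-0000-000000000000"`. That keeps principal identifiers out of the public repository and stops the diff from churning on every re-record.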
@@ -172,24 +173,24 @@ interactions:
ParameterSetName:
- -n --display-name --description --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:05.9971505Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"11861501872653762150","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007","policyType":"Custom","description":"desc_for_test_policyset_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:36.1917474Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"18306635568777899405","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1039'
+ - '1038'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:06 GMT
+ - Fri, 06 Dec 2019 23:11:36 GMT
expires:
- '-1'
pragma:
@@ -210,7 +211,9 @@ interactions:
"desc_for_test_policyset_123_new", "policyDefinitions": [{"policyDefinitionId":
"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
"parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast",
- "westus"]}}}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]}}'
+ "westus"]}}, "policyDefinitionReferenceId": "18306635568777899405"}, {"policyDefinitionId":
+ "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004",
+ "policyDefinitionReferenceId": "8275565420913215288"}]}}'
headers:
Accept:
- application/json
@@ -221,21 +224,21 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '555'
+ - '664'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --display-name --description --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:05.9971505Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-06T22:45:07.099992Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11861501872653762150","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:36.1917474Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:11:38.4154394Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"18306635568777899405","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
@@ -244,7 +247,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:07 GMT
+ - Fri, 06 Dec 2019 23:11:37 GMT
expires:
- '-1'
pragma:
@@ -276,12 +279,12 @@ interactions:
ParameterSetName:
- --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -324,7 +327,11 @@ interactions:
a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
policies will be added in upcoming releases. For more information, please
visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
- Compliance"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae
01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CIS
v110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -390,7 +397,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -489,7 +496,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -615,7 +640,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -631,7 +660,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -814,6 +843,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -912,7 +1131,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -1270,7 +1563,23 @@ interactions:
names (supports wildcards)","description":"A semicolon-separated list of the
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"Audit
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
where Windows PowerShell is not configured to use the specified PowerShell
@@ -1283,21 +1592,18 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"jilim
- ttt","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"7915382897531231755","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":["japaneast","japanwest"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/3613bdc8-6f75-461c-a1e8-06b1fcf6905b","type":"Microsoft.Authorization/policySetDefinitions","name":"3613bdc8-6f75-461c-a1e8-06b1fcf6905b"},{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:05.9971505Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-06T22:45:07.099992Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11861501872653762150","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"},{"properties":{"displayName":"jilim
- set","policyType":"Custom","description":"1","metadata":{"parameterScopes":{"omsWorkspace":"/subscriptions/00000000-0000-0000-0000-000000000000","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"ALLOWEDSTORAGESKU_1":{"type":"String","metadata":{"displayName":"Strong
- type (string, av)","description":null,"strongType":"storageSkus"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11816456642448143785","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9c1ba477-ff0c-41ea-8a5d-826c4ca18208","parameters":{"omsWorkspace":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilim/providers/microsoft.operationalinsights/workspaces/jilimabc"}}},{"policyDefinitionReferenceId":"7095696909984450251","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/e6440295-d0ac-472b-949b-1cf289618198","parameters":{"locations":{"value":["australiaeast"]},"location":{"value":"australiaeast"},"resourceGroups":{"value":["jilim"]},"resourceGroup":{"value":"jilim"},"tags":{"value":["a"]},"tag":{"value":"a"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSkus":{"value":["Standard_LRS"]},"allowedStorageSku":{"value":"[parameters(''ALLOWEDSTORAGESKU_1'')]"},"allowedTags":{"value":["FirstName"]},"allowedTag":{"value":"FirstName"}}}]},"id":"/providers/Microsoft.Management/managementGroups/PolicyUIMG/providers/Microsoft.Authorization/policySetDefinitions/482fc09c-82af-48b9-96e0-6e750f0153db","type":"Microsoft.Authorization/policySetDefinitions","name":"482fc09c-82af-48b9-96e0-6e750f0153db"},{"properties":{"displayName":"test
- init2","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9388605824103837052","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec","parameters":{"allowedLocations":{"value":["London"]}}},{"policyDefinitionReferenceId":"15255467709018494198","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/c8a0e9e0-f0e9-4d4c-8214-aace6218110e","parameters":{"allowedLocations":{"value":["London"]}}}]},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/21e27984-a6b2-43de-a786-643b7df0c0b2","type":"Microsoft.Authorization/policySetDefinitions","name":"21e27984-a6b2-43de-a786-643b7df0c0b2"},{"properties":{"displayName":"test
- init","policyType":"Custom","metadata":{"parameterScopes":{"allowedLocations":"/providers/Microsoft.Management/managementGroups/AzGovTest5","listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"11677931907622429588","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660","parameters":{}},{"policyDefinitionReferenceId":"17175752026273514153","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","parameters":{"allowedLocations":{"value":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","southcentralus","southindia","southeastasia","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]}}},{"policyDefinitionReferenceId":"17602706772987440385","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203","parameters":{"listOfAllowedSKUs":{"value":["Premium_LRS"]}}},{"policyDefinitionReferenceId":"9371630468206030356","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a","parameters":{"listOfAllowedSKUs":{"value":["Standard_A8m_v2"]}}}]},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/8a3978dc-2d90-477d-91e6-8746066f9061","type":"Microsoft.Authorization/policySetDefinitions","name":"8a39
78dc-2d90-477d-91e6-8746066f9061"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"},{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:36.1917474Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:11:38.4154394Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"18306635568777899405","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","nam
e":"azure-cli-test-policyset000006"},{"properties":{"displayName":"test_policysetk7pkce","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:10:43.6932587Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetxi3o4a","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetxi3o4a"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '318436'
+ - '647709'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:07 GMT
+ - Fri, 06 Dec 2019 23:11:39 GMT
expires:
- '-1'
pragma:
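Review bot: The re-recorded list response added in this hunk keeps identifiers that the recording scrubber did not replace: the `createdBy`/`updatedBy` GUIDs in the policy-set metadata and the account-derived definition name `robgaTestModify`, even though the subscription ID is already normalised to `00000000-0000-0000-0000-000000000000`. The same `createdBy` value is recorded again in the GET and DELETE response bodies of the next hunks. These look like real directory object IDs from the recording tenant, so I would have the recording processor replace them with a fixed placeholder before the cassette is committed, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"` (constructed value). The list call also appears to capture every custom initiative visible in the subscription (content-length goes from `'318436'` to `'647709'`), so recording against a subscription without unrelated custom definitions would keep that data out of the repository.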
@@ -1327,15 +1633,15 @@ interactions:
ParameterSetName:
- -n --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:05.9971505Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-06T22:45:07.099992Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11861501872653762150","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:36.1917474Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:11:38.4154394Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"18306635568777899405","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
@@ -1344,7 +1650,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:08 GMT
+ - Fri, 06 Dec 2019 23:11:40 GMT
expires:
- '-1'
pragma:
@@ -1376,15 +1682,15 @@ interactions:
ParameterSetName:
- -n --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:05.9971505Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-06T22:45:07.099992Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"11861501872653762150","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:36.1917474Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:11:38.4154394Z"},"policyDefinitions":[{"policyDefinitionReferenceId":"18306635568777899405","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
@@ -1393,7 +1699,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:08 GMT
+ - Fri, 06 Dec 2019 23:11:42 GMT
expires:
- '-1'
pragma:
@@ -1425,12 +1731,12 @@ interactions:
ParameterSetName:
- --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -1473,7 +1779,11 @@ interactions:
a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
policies will be added in upcoming releases. For more information, please
visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
- Compliance"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae
01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CIS
v110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -1539,7 +1849,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -1638,7 +1948,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -1764,7 +2092,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -1780,7 +2112,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -1963,6 +2295,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -2061,7 +2583,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -2419,7 +3015,23 @@ interactions:
names (supports wildcards)","description":"A semicolon-separated list of the
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"Audit
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
where Windows PowerShell is not configured to use the specified PowerShell
@@ -2432,21 +3044,18 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"jilim
- ttt","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"7915382897531231755","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":["japaneast","japanwest"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/3613bdc8-6f75-461c-a1e8-06b1fcf6905b","type":"Microsoft.Authorization/policySetDefinitions","name":"3613bdc8-6f75-461c-a1e8-06b1fcf6905b"},{"properties":{"displayName":"jilim
- set","policyType":"Custom","description":"1","metadata":{"parameterScopes":{"omsWorkspace":"/subscriptions/00000000-0000-0000-0000-000000000000","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"ALLOWEDSTORAGESKU_1":{"type":"String","metadata":{"displayName":"Strong
- type (string, av)","description":null,"strongType":"storageSkus"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11816456642448143785","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9c1ba477-ff0c-41ea-8a5d-826c4ca18208","parameters":{"omsWorkspace":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilim/providers/microsoft.operationalinsights/workspaces/jilimabc"}}},{"policyDefinitionReferenceId":"7095696909984450251","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/e6440295-d0ac-472b-949b-1cf289618198","parameters":{"locations":{"value":["australiaeast"]},"location":{"value":"australiaeast"},"resourceGroups":{"value":["jilim"]},"resourceGroup":{"value":"jilim"},"tags":{"value":["a"]},"tag":{"value":"a"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSkus":{"value":["Standard_LRS"]},"allowedStorageSku":{"value":"[parameters(''ALLOWEDSTORAGESKU_1'')]"},"allowedTags":{"value":["FirstName"]},"allowedTag":{"value":"FirstName"}}}]},"id":"/providers/Microsoft.Management/managementGroups/PolicyUIMG/providers/Microsoft.Authorization/policySetDefinitions/482fc09c-82af-48b9-96e0-6e750f0153db","type":"Microsoft.Authorization/policySetDefinitions","name":"482fc09c-82af-48b9-96e0-6e750f0153db"},{"properties":{"displayName":"test
- init2","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9388605824103837052","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec","parameters":{"allowedLocations":{"value":["London"]}}},{"policyDefinitionReferenceId":"15255467709018494198","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/c8a0e9e0-f0e9-4d4c-8214-aace6218110e","parameters":{"allowedLocations":{"value":["London"]}}}]},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/21e27984-a6b2-43de-a786-643b7df0c0b2","type":"Microsoft.Authorization/policySetDefinitions","name":"21e27984-a6b2-43de-a786-643b7df0c0b2"},{"properties":{"displayName":"test
- init","policyType":"Custom","metadata":{"parameterScopes":{"allowedLocations":"/providers/Microsoft.Management/managementGroups/AzGovTest5","listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"11677931907622429588","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660","parameters":{}},{"policyDefinitionReferenceId":"17175752026273514153","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","parameters":{"allowedLocations":{"value":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","southcentralus","southindia","southeastasia","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]}}},{"policyDefinitionReferenceId":"17602706772987440385","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203","parameters":{"listOfAllowedSKUs":{"value":["Premium_LRS"]}}},{"policyDefinitionReferenceId":"9371630468206030356","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a","parameters":{"listOfAllowedSKUs":{"value":["Standard_A8m_v2"]}}}]},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/8a3978dc-2d90-477d-91e6-8746066f9061","type":"Microsoft.Authorization/policySetDefinitions","name":"8a39
78dc-2d90-477d-91e6-8746066f9061"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"},{"properties":{"displayName":"test_policysetk7pkce","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:10:43.6932587Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetxi3o4a","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetxi3o4a"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '317329'
+ - '646602'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:19 GMT
+ - Fri, 06 Dec 2019 23:11:52 GMT
expires:
- '-1'
pragma:
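Review bot: The re-recorded list response on the added lines keeps `metadata.createdBy` / `updatedBy` GUIDs (`0dc80135-ae53-4da3-8695-220a2d93aad8`, `7140c269-e408-47a5-a626-a1d836b96883`) and a custom definition name that looks like a user alias (`robgaTestModify`), while only the subscription ID is replaced with zeros. These values appear to be directory principal IDs and tenant-specific names from the recording account, so they should be masked with a fixed placeholder before the cassette is committed, in the same scrubbing step that already rewrites the subscription ID. The response also captures definitions unrelated to the test, such as the "Test Modify initiative" entry, and `content-length` grows from `'317329'` to `'646602'`. Recording against a subscription that holds no other custom policy sets would keep both the exposure and the cassette size down. The recorded string starts above this hunk, so earlier parts of the same body may need the same treatment.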
@@ -2465,9 +3074,9 @@ interactions:
- request:
body: '{"properties": {"displayName": "test_policyset000007_new", "description":
"desc_for_test_policyset_123_new", "parameters": {"allowedLocations": {"type":
- "array", "metadata": {"description": "The list of locations that can be specified
- when deploying resources", "strongType": "location", "displayName": "Allowed
- locations"}}}, "policyDefinitions": [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
+ "array", "metadata": {"displayName": "Allowed locations", "description": "The
+ list of locations that can be specified when deploying resources"}}}, "policyDefinitions":
+ [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
"parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}},
{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]}}'
headers:
@@ -2480,32 +3089,32 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '757'
+ - '731'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --definitions --display-name --description --params --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:21.6728181Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"15420791460629678248","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:56.8861385Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"1977514887578602726","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1241'
+ - '1215'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:21 GMT
+ - Fri, 06 Dec 2019 23:11:56 GMT
expires:
- '-1'
pragma:
@@ -2533,26 +3142,26 @@ interactions:
ParameterSetName:
- -n --params --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:21.6728181Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"15420791460629678248","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:56.8861385Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"1977514887578602726","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1241'
+ - '1215'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:21 GMT
+ - Fri, 06 Dec 2019 23:11:57 GMT
expires:
- '-1'
pragma:
@@ -2573,8 +3182,10 @@ interactions:
"desc_for_test_policyset_123_new", "parameters": {"allowedLocations": {"type":
"array", "metadata": {"displayName": "Allowed locations 2"}}}, "policyDefinitions":
[{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002",
- "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}}},
- {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]}}'
+ "parameters": {"allowedLocations": {"value": "[parameters(''allowedLocations'')]"}},
+ "policyDefinitionReferenceId": "1977514887578602726"}, {"policyDefinitionId":
+ "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004",
+ "policyDefinitionReferenceId": "8275565420913215288"}]}}'
headers:
Accept:
- application/json
@@ -2585,31 +3196,31 @@ interactions:
Connection:
- keep-alive
Content-Length:
- - '646'
+ - '754'
Content-Type:
- application/json; charset=utf-8
ParameterSetName:
- -n --params --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: PUT
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:21.6728181Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-06T22:45:23.0371683Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"15420791460629678248","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:56.8861385Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:11:59.0976136Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"1977514887578602726","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1194'
+ - '1192'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:22 GMT
+ - Fri, 06 Dec 2019 23:11:58 GMT
expires:
- '-1'
pragma:
@@ -2623,7 +3234,7 @@ interactions:
x-content-type-options:
- nosniff
x-ms-ratelimit-remaining-subscription-writes:
- - '1199'
+ - '1198'
status:
code: 200
message: OK
@@ -2643,25 +3254,25 @@ interactions:
ParameterSetName:
- -n --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:21.6728181Z","updatedBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","updatedOn":"2019-09-06T22:45:23.0371683Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"15420791460629678248","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"13574159396463637772","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
+ string: '{"properties":{"displayName":"test_policyset000007_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:56.8861385Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-06T23:11:59.0976136Z"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations 2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"1977514887578602726","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":"[parameters(''allowedLocations'')]"}}},{"policyDefinitionReferenceId":"8275565420913215288","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000006","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000006"}'
headers:
cache-control:
- no-cache
content-length:
- - '1194'
+ - '1192'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:23 GMT
+ - Fri, 06 Dec 2019 23:12:00 GMT
expires:
- '-1'
pragma:
@@ -2693,12 +3304,12 @@ interactions:
ParameterSetName:
- --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2019-09-01
response:
body:
string: '{"value":[{"properties":{"displayName":"Audit Windows VMs in which
@@ -2741,7 +3352,11 @@ interactions:
a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional
policies will be added in upcoming releases. For more information, please
visit https://aka.ms/cisazure-blueprint.","metadata":{"category":"Regulatory
- Compliance"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae
01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CIS
v110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
+ Compliance"},"parameters":{"listOfRegionsWhereNetworkWatcherShouldBeEnabled":{"type":"Array","metadata":{"displayName":"List
+ of regions where Network Watcher should be enabled","description":"To see
+ a complete list of regions use Get-AzLocation","strongType":"location"},"defaultValue":["eastus"]},"listOfApprovedVMExtensions":{"type":"Array","metadata":{"displayName":"List
+ of virtual machine extensions that are approved for use","description":"To
+ see a complete list of virtual machine extensions, use Get-AzVMExtensionImage"},"defaultValue":["AzureDiskEncryption","AzureDiskEncryptionForLinux","DependencyAgentWindows","DependencyAgentLinux","IaaSAntimalware","IaaSDiagnostics","LinuxDiagnostic","MicrosoftMonitoringAgent","NetworkWatcherAgentLinux","NetworkWatcherAgentWindows","OmsAgentForLinux","VMSnapshot","VMSnapshotLinux"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"CISv110x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x1m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x1x23","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","parameters":{}},{"policyDef
initionReferenceId":"CISv110x2x3CISv110x7x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x5CISv110x7x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x6CISv110x7x1CISv110x7x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"CISv11
0x2x14CISv110x4x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x15CISv110x4x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x18","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","parameters":{}},{"policyDefinitionReferenceId":"CISv110x2x19","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x3x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x11","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd
0c5d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x12","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x13","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x14","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x15","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x16","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x4x17","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","parameters":{}},{"policyDefinitionReferenceId":"CISv110x5x1x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{}},{"policyDefinitionReferenceId":"CISv
110x6x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","parameters":{"listOfLocations":{"value":"[parameters(''listOfRegionsWhereNetworkWatcherShouldBeEnabled'')]"}}},{"policyDefinitionReferenceId":"CISv110x7x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","parameters":{}},{"policyDefinitionReferenceId":"CISv110x7x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","parameters":{"approvedExtensions":{"value":"[parameters(''listOfApprovedVMExtensions'')]"}}},{"policyDefinitionReferenceId":"CISv110x8x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","parameters":{}},{"policyDefinitionReferenceId":"CISv110x8x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x2","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x3mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDe
finitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x4mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x5mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x6mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x7mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","parameters":{}}
,{"policyDefinitionReferenceId":"CISv110x9x8m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x8mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x9mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10m","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","parameters":{}},{"policyDefinitionReferenceId":"CISv110x9x10mm","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d","type":"Microsoft.Authorization/policySetDefinitions","name":"1a5bb27d-173f-493e-9568-eb56638dde4d"},{"properties":{"displayName":"[Preview]:
Enable Monitoring in Azure Security Center","policyType":"BuiltIn","description":"Monitor
all the available security recommendations in Azure Security Center. This
is the default policy for Azure Security Center.","metadata":{"category":"Security
@@ -2807,7 +3422,7 @@ interactions:
retention (in days) for logs in Batch accounts","description":"The required
diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Metric
alert rules should be configured on Batch accounts","description":"Enable
- or disable the monitoring of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ or disable the monitoring of metric alerts in Batch accounts","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","description":"Enable
or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","description":"Enable
@@ -2906,7 +3521,25 @@ interactions:
debugging should be turned off for Function App","description":"Enable or
disable the monitoring of remote debugging for Function App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
debugging should be turned off for Web Application","description":"Enable
- or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your API App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Function App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppAuditFtpsMonitoringEffect":{"type":"String","metadata":{"displayName":"FTPS
+ should be required in your Web App","description":"Enable FTPS enforcement
+ for enhanced security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your API App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Function App","description":"Use a
+ managed identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppUseManagedIdentityMonitoringEffect":{"type":"String","metadata":{"displayName":"A
+ managed identity should be used in your Web App","description":"Use a managed
+ identity for enhanced authentication security"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your API App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"functionAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Function App","description":"Upgrade to
+ the latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRequireLatestTlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Latest
+ TLS version should be used in your Web App","description":"Upgrade to the
+ latest TLS version"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for API App","description":"[Deprecated] Enable or disable
the monitoring of web sockets for API App","deprecated":true},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"Disabled"},"functionAppDisableWebSocketsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor
disable web sockets for Function App","description":"[Deprecated] Enable or
@@ -3032,7 +3665,11 @@ interactions:
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"containerBenchmarkMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
in container security configurations should be remediated","description":"Enable
- or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/prov
iders/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnostic
sLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f
-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGro
upsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":
"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":
{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonito
ringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDD
oSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[p
arameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7
56b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
+ or disable container benchmark monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditWindowsEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Windows VMs monitoring","description":"Enable or disable
+ Dependency Agent for Windows VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ASCDependencyAgentAuditLinuxEffect":{"type":"String","metadata":{"displayName":"Audit
+ Dependency Agent for Linux VMs monitoring","description":"Enable or disable
+ Dependency Agent for Linux VMs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssEndpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{"effect":{"value":"[parameters(''vmssEndpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInIoTHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInIoTHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInIoTHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Micro
soft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogi
cAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d40
3d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSelectiveAppServicesMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSelectiveAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingActionsAndGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingActionsAndGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"SqlServerAuditingRetentionDaysMonitoring","policyDefinitionId":"/providers/Mic
rosoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","parameters":{"effect":{"value":"[parameters(''SqlServerAuditingRetentionDaysMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnSubnetsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnSubnetsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsOnVirtualMachinesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsOnVirtualMachinesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde
7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"serverVulnerabilityAssessment","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''serverVulnerabilityAssessmentEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbDataClassificationMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","parameters":{"effect":{"value":"[parameters(''sqlDbDataClassificationMonitoringEffect'
')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-
7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value":"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{"effect":{"value":"[parameters(''functionAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppA
uditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","parameters":{"effect":{"value":"[parameters(''apiAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","parameters":{"effect":{"value":"[parameters(''webAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppAuditFtpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","parameters":{"effect":{"value":"[parameters(''functionAppAuditFtpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","parameters":{"effect":{"value":"[parameters(''apiAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","parameters":{"effect":{"value":"[parameters(''webAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppUseManagedIdentityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","parameters":{"effect":{"value":"[parameters(''functionAppUseManagedIdentityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","parameters":{"effect":{"value":"[parameters(''apiAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitio
ns/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","parameters":{"effect":{"value":"[parameters(''webAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRequireLatestTlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","parameters":{"effect":{"value":"[parameters(''functionAppRequireLatestTlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"apiAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","parameters":{"effect":{"value":"[parameters(''apiAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","parameters":{"effect":{"value":"[parameters(''functionAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"v
alue":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vnetEnableDDoSProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{"effect":{"value":"[parameters(''vnetEnableDDoSProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlManagedInstanceAdvancedDataSecurityMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{"effect":{"value":"[parameters(''sqlManagedInstanceAdvancedDataSecurityMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAdvancedDataSecurityEmailAdminsMonitoring","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","parameters":{"effect":{"value":"[parameters(''sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServicePspEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","parameters":{"effect":{"value":"[parameters(''kubernetesServicePspEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceVersionUpToDateMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","parameters":{"effect":{"value":"[parameters(''kubernetesServiceVersionUpToDateMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceAuthorizedIPRangesEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","parameters":{"effect":{"value":"[parameters(''kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"thr
eatDetectionTypesOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"threatDetectionTypesOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{"effect":{"value":"[parameters(''threatDetectionTypesOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToAppServicesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","parameters":{"effect":{"value":"[parameters(''restrictAccessToAppServicesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableIPForwardingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","parameters":{"effect":{"value":"[parameters(''disableIPForwardingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinition
ReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"containerBenchmarkMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","parameters":{"effect":{"value":"[parameters(''containerBenchmarkMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditWindowsEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditWindowsEffect'')]"}}},{"policyDefinitionReferenceId":"ASCDependencyAgentAuditLinuxEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","parameters":{"effect":{"value":"[parameters(''ASCDependencyAgentAuditLinuxEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified applications installed","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
that do not have the specified applications installed. For more information
@@ -3048,7 +3685,7 @@ interactions:
Additional policies will be added in upcoming releases. For more information,
please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint","metadata":{"category":"Regulatory
Compliance"},"parameters":{"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
- of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2
4dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2
cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudit
AccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c
0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99
-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablementOfEncryptionOfAutomationAccountVariables","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefin
itions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditVMsThatDoNotUseManagedDisks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{}},{"policyDefinitionReferenceId":"AuditUseOfClassicVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba
99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{}},{"policyDefinitionReferenceId":"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","parameters":{}},{"policyDefinitionReferenceId":"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Auth
orization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"AuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1
c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"AuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e","type":"Microsoft.Authorization/policySetDefinitions","name":"3937f550-eedd-4639-9c5e-294358be442e"},{"properties":{"displayName":"[Preview]:
Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support
audit requirements","policyType":"BuiltIn","description":"This initiative
includes audit and VM Extension deployment policies that address a subset
@@ -3231,6 +3868,196 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","parameters":{"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}}},{"policyDefinitionReferenceId":"Audit_WindowsDefenderExploitGuard","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574","type":"Microsoft.Authorization/policySetDefinitions","name":"9d2fd8e6-95c8-410d-add0-43ada4241574"},{"properties":{"displayName":"Audit
+ HITRUST/HIPAA controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ policies that address a subset of HITRUST/HIPAA controls. Additional policies
+ will be added in upcoming releases. https://aka.ms/hipaa-blueprint","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"installedApplicationsOnWindowsVM":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}},"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account to deploy diagnostic settings
+ for Network Security Groups","description":"This prefix will be combined with
+ the network security group location to form the created storage account name."}},"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist) to deploy diagnostic settings
+ for Network Security Groups","description":"The resource group that the storage
+ account will be created in. This resource group must already exist.","strongType":"ExistingResourceGroups"}},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Batch accounts should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) for logs in Batch accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ managed instance TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Disk
+ encryption should be applied on virtual machines","description":"Enable or
+ disable the monitoring for VM disk encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Search services should be enabled","description":"Enable or disable
+ the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Azure Search service","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ should be remediated by a Vulnerability Assessment solution","description":"Enable
+ or disable the detection of VM vulnerabilities by a vulnerability assessment
+ solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Access
+ through Internet facing endpoint should be restricted","description":"Enable
+ or disable overly permissive inbound NSG rules monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect":{"type":"String","metadata":{"displayName":"SQL
+ server TDE protector should be encrypted with your own key","description":"Enable
+ or disable the monitoring of Transparent Data Encryption (TDE) with your own
+ key support. TDE with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for API App","description":"Enable or disable
+ the monitoring of remote debugging for API App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Virtual
+ machines should be migrated to new Azure Resource Manager resources","description":"Enable
+ or disable the monitoring of classic compute VMs"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Audit
+ unrestricted network access to storage accounts","description":"Enable or
+ disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Adaptive
+ Application Controls should be enabled on virtual machines","description":"Enable
+ or disable the monitoring of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"},"webAppDisableRemoteDebuggingMonitoringEffect":{"type":"String","metadata":{"displayName":"Remote
+ debugging should be turned off for Web Application","description":"Enable
+ or disable the monitoring of remote debugging for Web App"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"apiAppEnforceHttpsMonitoringEffectV2":{"type":"String","metadata":{"displayName":"API
+ App should only be accessible over HTTPS V2","description":"Enable or disable
+ the monitoring of the use of HTTPS in API App V2"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Just-In-Time
+ network access control should be applied on virtual machines","description":"Enable
+ or disable the monitoring of network just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"kubernetesServiceRbacEnabledMonitoringEffect":{"type":"String","metadata":{"displayName":"Role-Based
+ Access Control (RBAC) should be used on Kubernetes Services","description":"Enable
+ or disable the monitoring of Kubernetes Services without RBAC enabled"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"restrictAccessToManagementPortsMonitoringEffect":{"type":"String","metadata":{"displayName":"Management
+ ports should be closed on your virtual machines","description":"Enable or
+ disable the monitoring of open management ports on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssOsVulnerabilitiesMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerabilities
+ in security configuration on your virtual machine scale sets should be remediated","description":"Enable
+ or disable virtual machine scale sets OS vulnerabilities monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Event Hub should be enabled","description":"Enable or disable the
+ monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (in days) of logs in Event Hub accounts","description":"The required
+ diagnostic logs retention period in days"},"defaultValue":"365"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Diagnostic
+ logs in Virtual Machine Scale Sets should be enabled","description":"Enable
+ or disable the monitoring of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates should be installed on your machines","description":"Enable or disable
+ reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"},"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"},"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"},"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","parameters":{}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"RequireencryptiononDataLakeStoreaccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","parameters":{}},{"policyDefinitionReferenceId":"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","parameters":{"effect":{"value":"[parameters(''ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"AuditSQLTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/
providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplicationsOnWindowsVM'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAudit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","parameters":{"AuditProcessTermination":{"value":"[parameters(''DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchSe
rviceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_AdministrativeTemplatesNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","parameters":{"
EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}}},{"policyDefinitionReferenceId":"Deploynetworkwatcherwhenvirtualnetworksarecreated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","parameters":{}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_WindowsFirewallProperties","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","parameters":{"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPriv
ateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","parameters":{"effect":{"value":"[parameters(''ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"apiAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{"effect":{"value"
:"[parameters(''apiAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"DeployDiagnosticSettingsforNetworkSecurityGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","parameters":{"storagePrefix":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix'')]"},"rgName":{"value":"[parameters(''DeployDiagnosticSettingsforNetworkSecurityGroupsrgName'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsNetworkAccess","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRe
gistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}}},{"policyDefinitionReferenceId":"webAppDisableRemoteDebuggingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{"effect":{"value":"[parameters(''webAppDisableRemoteDebuggingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"Audit_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","parameters":{}},{"policyDefinitionReferenceId":"Deploy_WindowsCertificateInTrustedRoot","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","parameters":{"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}}},{"policyDefinitionReferenceId":"apiAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{"effect":{"value":"[parameters(''apiAppEnforceHttpsMonitoringEffectV2'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers
/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"kubernetesServiceRbacEnabledMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","parameters":{"effect":{"value":"[parameters(''kubernetesServiceRbacEnabledMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","parameters":{}},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","parameters":{"AccountsGuestAccountStatus":{"value":"[parameters(''DeployAzureBaselineSecurityOptionsAccountsAccou
ntsGuestAccountStatus'')]"}}},{"policyDefinitionReferenceId":"restrictAccessToManagementPortsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","parameters":{"effect":{"value":"[parameters(''restrictAccessToManagementPortsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssOsVulnerabilitiesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{"effect":{"value":"[parameters(''vmssOsVulnerabilitiesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"Audit_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"policyDefinitionReferenceId":"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"
value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab","type":"Microsoft.Authorization/policySetDefinitions","name":"a169a624-5599-4385-a696-c8d643089fab"},{"properties":{"displayName":"Audit
Windows Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows Server virtual
machines on which Windows Serial Console is not enabled. For more information
@@ -3329,7 +4156,81 @@ interactions:
Analytics workspace ID for VM agent reporting"}},"listOfResourceTypesWithDiagnosticLogsEnabled":{"type":"Array","metadata":{"displayName":"List
of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegist
ry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"listOfMembersToExcludeFromWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
of users excluded from Windows VM Administrators group"}},"listOfMembersToIncludeInWindowsVMAdministratorsGroup":{"type":"String","metadata":{"displayName":"List
- of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccounts
WithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}}},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefiniti
onReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyD
efinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorizati
on/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Author
ization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}}},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/pr
oviders/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"M
embersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}}},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ of users that must be included in Windows VM Administrators group"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]
},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditHttpsOnlyAccessForAnApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted","policyDefiniti
onId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdforVMreporting'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-3(2)","NIST_SP_800-53_R4_AU-6(4)","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"PreviewAuditMaximumNumberOfOwnersForASubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditMinimumNumberOfOwnersForSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","par
ameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditRemoteDebuggingStateForAnAPIApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAudiThatWindowsVMsHaveAMinimumPasswordA
geOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditT
hatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5","NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenc
eId":"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3","NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)","NIST_SP_800-53_R4_CM-7(5)","NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)","NIST_SP_800-53_R4_SC-7(3)","NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{},"groupName
s":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypesWithDiagnosticLogsEnabled'')]"}},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditEnablingOfOnlySecureConnectionsToYourRedisCache","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefin
itionReferenceId":"AuditSQLManagedInstancesWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditSQLServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"AuditSQLServersWithoutAdvancedDataSecurity","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-16","NIST_SP_800-53_R4_AU-5","NIST_SP_800-53_R4_AU-12","NIST_SP_800-53_R4_RA-5","NIST_SP_800-53_R4_SC-28(1)","NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"AuditTransparentDataEncryptionStatus","policyDefinitionId":"/providers/M
icrosoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)","NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"MembersToExclude":{"value":"[parameters(''listOfMembersToExcludeFromWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"MembersToInclude":{"value":"[parameters(''listOfMembersToIncludeInWindowsVMAdministratorsGroup'')]"}},"groupNames":["NIST_SP_800-
53_R4_AC-5","NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1000","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1001","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-1"]},{"policyDefinitionReferenceId":"ACF1002","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1003","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1004","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1005","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1006","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67ca
ac8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1007","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1008","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1009","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1010","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1011","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1012","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2"]},{"policyDefinitionReferenceId":"ACF1013","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(1)"]},{"policyDefinitionReferenceId":"ACF1014","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(2)"]},{"policyDefinitionReferenceId":"ACF1015","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(3)"]},{"policyDefinitionReferenceId"
:"ACF1016","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(4)"]},{"policyDefinitionReferenceId":"ACF1017","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(5)"]},{"policyDefinitionReferenceId":"ACF1018","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1019","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1020","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(7)"]},{"policyDefinitionReferenceId":"ACF1021","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(9)"]},{"policyDefinitionReferenceId":"ACF1022","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(10)"]},{"policyDefinitionReferenceId":"ACF1023","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(11)"]},{"policyDefinitionReferenceId":"ACF1024","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1025","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(12)"]},{"policyDefinitionReferenceId":"ACF1026","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-2(13)"]},{"policyDefinitionReferenceId":"ACF1027","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-3"]},{"policyDefinitionReferenceId":"ACF1028","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4"]},{"policyDefinitionReferenceId":"ACF1029","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(8)"]},{"policyDefinitionReferenceId":"ACF1030","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-4(21)"]},{"policyDefinitionReferenceId":"ACF1031","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1032","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1033","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-5"]},{"policyDefinitionReferenceId":"ACF1034","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","parameters":{},"groupNames":["NI
ST_SP_800-53_R4_AC-6"]},{"policyDefinitionReferenceId":"ACF1035","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(1)"]},{"policyDefinitionReferenceId":"ACF1036","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(2)"]},{"policyDefinitionReferenceId":"ACF1037","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(3)"]},{"policyDefinitionReferenceId":"ACF1038","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(5)"]},{"policyDefinitionReferenceId":"ACF1039","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1040","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(7)"]},{"policyDefinitionReferenceId":"ACF1041","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(8)"]},{"policyDefinitionReferenceId":"ACF1042","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(9)"]},{"policyDefinitionReferenceId":"ACF1043","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-6(10)"]},{"policyDefinitionReferenceId":"ACF1044","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1045","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7"]},{"policyDefinitionReferenceId":"ACF1046","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-7(2)"]},{"policyDefinitionReferenceId":"ACF1047","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1048","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1049","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-8"]},{"policyDefinitionReferenceId":"ACF1050","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-10"]},{"policyDefinitionReferenceId":"ACF1051","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1052","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11"]},{"policyDefinitionReferenceId":"ACF1053","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede5
9ac35ba3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-11(1)"]},{"policyDefinitionReferenceId":"ACF1054","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12"]},{"policyDefinitionReferenceId":"ACF1055","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-12(1)"]},{"policyDefinitionReferenceId":"ACF1057","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1058","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-14"]},{"policyDefinitionReferenceId":"ACF1059","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1060","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17"]},{"policyDefinitionReferenceId":"ACF1061","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(1)"]},{"policyDefinitionReferenceId":"ACF1062","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(2)"]},{"policyD
efinitionReferenceId":"ACF1063","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(3)"]},{"policyDefinitionReferenceId":"ACF1064","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1065","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(4)"]},{"policyDefinitionReferenceId":"ACF1066","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-17(9)"]},{"policyDefinitionReferenceId":"ACF1067","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1068","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18"]},{"policyDefinitionReferenceId":"ACF1069","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(1)"]},{"policyDefinitionReferenceId":"ACF1070","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(3)"]},{"policyDefinitionReferenceId":"ACF1071","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(4)"]},{"policyDefinitionReferenceId":"ACF1072","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-18(5)"]},{"policyDefinitionReferenceId":"ACF1073","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1074","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19"]},{"policyDefinitionReferenceId":"ACF1075","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-19(5)"]},{"policyDefinitionReferenceId":"ACF1076","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1077","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20"]},{"policyDefinitionReferenceId":"ACF1078","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1079","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(1)"]},{"policyDefinitionReferenceId":"ACF1080","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-20(2)"]},{"policyDefinitionReferenceId":"ACF1081","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1082","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-21"]},{"policyDefinitionReferenceId":"ACF1083","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1084","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1085","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1086","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_AC-22"]},{"policyDefinitionReferenceId":"ACF1087","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1088","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-1"]},{"policyDefinitionReferenceId":"ACF1089","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1090","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1091",
"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2"]},{"policyDefinitionReferenceId":"ACF1092","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-2(2)"]},{"policyDefinitionReferenceId":"ACF1093","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1094","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1095","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3"]},{"policyDefinitionReferenceId":"ACF1096","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(3)"]},{"policyDefinitionReferenceId":"ACF1097","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-3(4)"]},{"policyDefinitionReferenceId":"ACF1098","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1099","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AT-4"]},{"policyDefinitionReferenceId":"ACF1100","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47e
b-b1e0-503580cba8a4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1101","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-1"]},{"policyDefinitionReferenceId":"ACF1102","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1103","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1104","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1105","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2"]},{"policyDefinitionReferenceId":"ACF1106","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-2(3)"]},{"policyDefinitionReferenceId":"ACF1107","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3"]},{"policyDefinitionReferenceId":"ACF1108","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(1)"]},{"policyDefinitionReferenceId":"ACF1109","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-3(2)"]},{"policyDefini
tionReferenceId":"ACF1110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-4"]},{"policyDefinitionReferenceId":"ACF1111","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1112","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5"]},{"policyDefinitionReferenceId":"ACF1113","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(1)"]},{"policyDefinitionReferenceId":"ACF1114","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-5(2)"]},{"policyDefinitionReferenceId":"ACF1115","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1116","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6"]},{"policyDefinitionReferenceId":"ACF1117","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(1)"]},{"policyDefinitionReferenceId":"ACF1118","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(3)"]},{"policyDefinitionReferenceId":"ACF1119","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/845f6359-b764-4b40-b579-657aefe23c44","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(4)"]},{"policyDefinitionReferenceId":"ACF1120","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(5)"]},{"policyDefinitionReferenceId":"ACF1121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(6)"]},{"policyDefinitionReferenceId":"ACF1122","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(7)"]},{"policyDefinitionReferenceId":"ACF1123","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-6(10)"]},{"policyDefinitionReferenceId":"ACF1124","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1125","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7"]},{"policyDefinitionReferenceId":"ACF1126","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-7(1)"]},{"policyDefinitionReferenceId":"ACF1127","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1128","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","parameters":{},"groupNames":["
NIST_SP_800-53_R4_AU-8"]},{"policyDefinitionReferenceId":"ACF1129","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1130","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-8(1)"]},{"policyDefinitionReferenceId":"ACF1131","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9"]},{"policyDefinitionReferenceId":"ACF1132","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(2)"]},{"policyDefinitionReferenceId":"ACF1133","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(3)"]},{"policyDefinitionReferenceId":"ACF1134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-9(4)"]},{"policyDefinitionReferenceId":"ACF1135","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-10"]},{"policyDefinitionReferenceId":"ACF1136","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-11"]},{"policyDefinitionReferenceId":"ACF1137","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1138","policyDefinitio
nId":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1139","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12"]},{"policyDefinitionReferenceId":"ACF1140","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(1)"]},{"policyDefinitionReferenceId":"ACF1141","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_AU-12(3)"]},{"policyDefinitionReferenceId":"ACF1142","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1143","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-1"]},{"policyDefinitionReferenceId":"ACF1144","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1145","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1146","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1147","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0
d541","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2"]},{"policyDefinitionReferenceId":"ACF1148","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(1)"]},{"policyDefinitionReferenceId":"ACF1149","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(2)"]},{"policyDefinitionReferenceId":"ACF1150","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-2(3)"]},{"policyDefinitionReferenceId":"ACF1151","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1152","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1153","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3"]},{"policyDefinitionReferenceId":"ACF1154","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(3)"]},{"policyDefinitionReferenceId":"ACF1155","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-3(5)"]},{"policyDefinitionReferenceId":"ACF1156","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionRefer
enceId":"ACF1157","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-5"]},{"policyDefinitionReferenceId":"ACF1158","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1159","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1160","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-6"]},{"policyDefinitionReferenceId":"ACF1161","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1162","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1163","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1164","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1165","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1166","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d
-3cc5-4bb0-a6cd-695ba2c2272e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1167","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7"]},{"policyDefinitionReferenceId":"ACF1168","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(1)"]},{"policyDefinitionReferenceId":"ACF1169","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-7(3)"]},{"policyDefinitionReferenceId":"ACF1170","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8"]},{"policyDefinitionReferenceId":"ACF1171","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-8(1)"]},{"policyDefinitionReferenceId":"ACF1172","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1173","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CA-9"]},{"policyDefinitionReferenceId":"ACF1174","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"policyDefinitionReferenceId":"ACF1175","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-1"]},{"pol
icyDefinitionReferenceId":"ACF1176","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2"]},{"policyDefinitionReferenceId":"ACF1177","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1178","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1179","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(1)"]},{"policyDefinitionReferenceId":"ACF1180","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(2)"]},{"policyDefinitionReferenceId":"ACF1181","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(3)"]},{"policyDefinitionReferenceId":"ACF1182","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1183","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-2(7)"]},{"policyDefinitionReferenceId":"ACF1184","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1185","policyDefinitionId":"/providers/Microsoft.A
uthorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1186","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1187","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1188","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1189","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1190","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3"]},{"policyDefinitionReferenceId":"ACF1191","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1192","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1193","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1194","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","parameters":{},"groupN
ames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1195","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1196","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(1)"]},{"policyDefinitionReferenceId":"ACF1197","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(2)"]},{"policyDefinitionReferenceId":"ACF1198","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(4)"]},{"policyDefinitionReferenceId":"ACF1199","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-3(6)"]},{"policyDefinitionReferenceId":"ACF1200","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4"]},{"policyDefinitionReferenceId":"ACF1201","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-4(1)"]},{"policyDefinitionReferenceId":"ACF1202","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5"]},{"policyDefinitionReferenceId":"ACF1203","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(1)"]},{"policyDefinitionReferenceId":"ACF1204","p
olicyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(2)"]},{"policyDefinitionReferenceId":"ACF1205","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(3)"]},{"policyDefinitionReferenceId":"ACF1206","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1207","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-5(5)"]},{"policyDefinitionReferenceId":"ACF1208","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1209","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1210","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1211","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6"]},{"policyDefinitionReferenceId":"ACF1212","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(1)"]},{"policyDefinitionReferenceId":"ACF1213","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293
-4a58-82cd-134af52e2318","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-6(2)"]},{"policyDefinitionReferenceId":"ACF1214","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1215","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7"]},{"policyDefinitionReferenceId":"ACF1216","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1217","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(1)"]},{"policyDefinitionReferenceId":"ACF1218","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(2)"]},{"policyDefinitionReferenceId":"ACF1219","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1220","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1221","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-7(5)"]},{"policyDefinitionReferenceId":"ACF1222","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]
},{"policyDefinitionReferenceId":"ACF1223","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8"]},{"policyDefinitionReferenceId":"ACF1224","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(1)"]},{"policyDefinitionReferenceId":"ACF1225","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(2)"]},{"policyDefinitionReferenceId":"ACF1226","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1227","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(3)"]},{"policyDefinitionReferenceId":"ACF1228","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(4)"]},{"policyDefinitionReferenceId":"ACF1229","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-8(5)"]},{"policyDefinitionReferenceId":"ACF1230","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1231","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1232","policyDefinitionId":"/providers/Microso
ft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1233","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-9"]},{"policyDefinitionReferenceId":"ACF1234","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1235","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1236","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10"]},{"policyDefinitionReferenceId":"ACF1237","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-10(1)"]},{"policyDefinitionReferenceId":"ACF1238","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1239","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1240","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","parameters":{},"groupNames":["NIST_SP_800-53_R4_CM-11"]},{"policyDefinitionReferenceId":"ACF1241","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_CM-11(1)"]},{"policyDefinitionReferenceId":"ACF1242","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1243","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-1"]},{"policyDefinitionReferenceId":"ACF1244","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1245","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1246","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1247","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1248","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1249","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1250","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2"]},{"policyDefinitionReferenceId":"ACF1251","policyDefinition
Id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(1)"]},{"policyDefinitionReferenceId":"ACF1252","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(2)"]},{"policyDefinitionReferenceId":"ACF1253","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(3)"]},{"policyDefinitionReferenceId":"ACF1254","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(4)"]},{"policyDefinitionReferenceId":"ACF1255","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(5)"]},{"policyDefinitionReferenceId":"ACF1256","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-2(8)"]},{"policyDefinitionReferenceId":"ACF1257","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1258","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1259","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3"]},{"policyDefinitionReferenceId":"ACF1260","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-7
2aaa4f0d9c3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-3(1)"]},{"policyDefinitionReferenceId":"ACF1261","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1262","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1263","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4"]},{"policyDefinitionReferenceId":"ACF1264","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(1)"]},{"policyDefinitionReferenceId":"ACF1265","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1266","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-4(2)"]},{"policyDefinitionReferenceId":"ACF1267","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1268","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6"]},{"policyDefinitionReferenceId":"ACF1269","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(1)"]},{"policyDefiniti
onReferenceId":"ACF1270","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(2)"]},{"policyDefinitionReferenceId":"ACF1271","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-6(3)"]},{"policyDefinitionReferenceId":"ACF1272","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1273","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1274","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7"]},{"policyDefinitionReferenceId":"ACF1275","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(1)"]},{"policyDefinitionReferenceId":"ACF1276","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(2)"]},{"policyDefinitionReferenceId":"ACF1277","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(3)"]},{"policyDefinitionReferenceId":"ACF1278","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-7(4)"]},{"policyDefinitionReferenceId":"ACF1279","policyDefinitionId":"/providers/Microsoft.Authorization/p
olicyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8"]},{"policyDefinitionReferenceId":"ACF1280","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1281","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(1)"]},{"policyDefinitionReferenceId":"ACF1282","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(2)"]},{"policyDefinitionReferenceId":"ACF1283","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(3)"]},{"policyDefinitionReferenceId":"ACF1284","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1285","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1286","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-8(4)"]},{"policyDefinitionReferenceId":"ACF1287","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1288","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","parameters":{},"groupNam
es":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1289","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1290","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9"]},{"policyDefinitionReferenceId":"ACF1291","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(1)"]},{"policyDefinitionReferenceId":"ACF1292","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(2)"]},{"policyDefinitionReferenceId":"ACF1293","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(3)"]},{"policyDefinitionReferenceId":"ACF1294","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-9(5)"]},{"policyDefinitionReferenceId":"ACF1295","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10"]},{"policyDefinitionReferenceId":"ACF1296","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(2)"]},{"policyDefinitionReferenceId":"ACF1297","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","parameters":{},"groupNames":["NIST_SP_800-53_R4_CP-10(4)"]},{"policyDefinitionReferenceId":"ACF1298","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1299","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-1"]},{"policyDefinitionReferenceId":"ACF1300","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2"]},{"policyDefinitionReferenceId":"ACF1301","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(1)"]},{"policyDefinitionReferenceId":"ACF1302","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(2)"]},{"policyDefinitionReferenceId":"ACF1303","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(3)"]},{"policyDefinitionReferenceId":"ACF1304","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(4)"]},{"policyDefinitionReferenceId":"ACF1305","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(5)"]},{"policyDefinitionReferenceId":"ACF1306","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(8)"]},{"policyDefinitionReferenceId":"ACF1307","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-4
17c-84c6-b2fb0dd73682","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(9)"]},{"policyDefinitionReferenceId":"ACF1308","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(11)"]},{"policyDefinitionReferenceId":"ACF1309","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-2(12)"]},{"policyDefinitionReferenceId":"ACF1310","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-3"]},{"policyDefinitionReferenceId":"ACF1311","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1312","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1313","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1314","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1315","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4"]},{"policyDefinitionReferenceId":"ACF1316","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-4(4)"]},{"polic
yDefinitionReferenceId":"ACF1317","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1318","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1319","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1320","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1321","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1322","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1323","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1324","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1325","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1326","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefi
nitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5"]},{"policyDefinitionReferenceId":"ACF1327","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1328","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1329","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1330","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1331","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1332","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(1)"]},{"policyDefinitionReferenceId":"ACF1333","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1334","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1335","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1336","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(2)"]},{"policyDefinitionReferenceId":"ACF1337","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(3)"]},{"policyDefinitionReferenceId":"ACF1338","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(4)"]},{"policyDefinitionReferenceId":"ACF1339","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(6)"]},{"policyDefinitionReferenceId":"ACF1340","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(7)"]},{"policyDefinitionReferenceId":"ACF1341","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(8)"]},{"policyDefinitionReferenceId":"ACF1342","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(11)"]},{"policyDefinitionReferenceId":"ACF1343","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-5(13)"]},{"policyDefinitionReferenceId":"ACF1344","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-6"]},{"policyDefinitionReferenceId":"ACF1345","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-7"]},{"policyDefinitionReferenceId":"ACF1346","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8"]},{"policyDefinitionReferenceId":"ACF1347","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(1)"]},{"policyDefinitionReferenceId":"ACF1348","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(2)"]},{"policyDefinitionReferenceId":"ACF1349","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(3)"]},{"policyDefinitionReferenceId":"ACF1350","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_IA-8(4)"]},{"policyDefinitionReferenceId":"ACF1351","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1352","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-1"]},{"policyDefinitionReferenceId":"ACF1353","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1354","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-
bb96-bbb476449796","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1355","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2"]},{"policyDefinitionReferenceId":"ACF1356","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(1)"]},{"policyDefinitionReferenceId":"ACF1357","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-2(2)"]},{"policyDefinitionReferenceId":"ACF1358","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3"]},{"policyDefinitionReferenceId":"ACF1359","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-3(2)"]},{"policyDefinitionReferenceId":"ACF1360","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1361","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1362","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4"]},{"policyDefinitionReferenceId":"ACF1363","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(1)"]},{"policyDefin
itionReferenceId":"ACF1364","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(2)"]},{"policyDefinitionReferenceId":"ACF1365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(3)"]},{"policyDefinitionReferenceId":"ACF1366","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(4)"]},{"policyDefinitionReferenceId":"ACF1367","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(6)"]},{"policyDefinitionReferenceId":"ACF1368","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-4(8)"]},{"policyDefinitionReferenceId":"ACF1369","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5"]},{"policyDefinitionReferenceId":"ACF1370","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-5(1)"]},{"policyDefinitionReferenceId":"ACF1371","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1372","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6"]},{"policyDefinitionReferenceId":"ACF1373","policyDefinitionId":"/providers/Microsoft.Authorizatio
n/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-6(1)"]},{"policyDefinitionReferenceId":"ACF1374","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7"]},{"policyDefinitionReferenceId":"ACF1375","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(1)"]},{"policyDefinitionReferenceId":"ACF1376","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1377","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-7(2)"]},{"policyDefinitionReferenceId":"ACF1378","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1379","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1380","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1381","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1382","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","parameters":{},"groupNames":["
NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1383","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-8"]},{"policyDefinitionReferenceId":"ACF1384","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1385","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1386","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1387","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1388","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1389","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9"]},{"policyDefinitionReferenceId":"ACF1390","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(1)"]},{"policyDefinitionReferenceId":"ACF1391","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(2)"]},{"policyDefinitionReferenceId":"ACF1392","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(3)"]},{"policyDefinitionReferenceId":"ACF1393","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_IR-9(4)"]},{"policyDefinitionReferenceId":"ACF1394","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1395","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-1"]},{"policyDefinitionReferenceId":"ACF1396","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1397","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1398","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1399","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1400","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1401","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","parameter
s":{},"groupNames":["NIST_SP_800-53_R4_MA-2"]},{"policyDefinitionReferenceId":"ACF1402","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1403","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-2(2)"]},{"policyDefinitionReferenceId":"ACF1404","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3"]},{"policyDefinitionReferenceId":"ACF1405","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(1)"]},{"policyDefinitionReferenceId":"ACF1406","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(2)"]},{"policyDefinitionReferenceId":"ACF1407","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1408","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1409","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId":"ACF1410","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-3(3)"]},{"policyDefinitionReferenceId"
:"ACF1411","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1412","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1413","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1414","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1415","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4"]},{"policyDefinitionReferenceId":"ACF1416","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(2)"]},{"policyDefinitionReferenceId":"ACF1417","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1418","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(3)"]},{"policyDefinitionReferenceId":"ACF1419","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-4(6)"]},{"policyDefinitionReferenceId":"ACF1420","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a
e08cc-a282-413b-90c7-21a2c60b8404","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1421","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1422","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5"]},{"policyDefinitionReferenceId":"ACF1423","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1424","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-5(1)"]},{"policyDefinitionReferenceId":"ACF1425","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MA-6"]},{"policyDefinitionReferenceId":"ACF1426","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1427","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-1"]},{"policyDefinitionReferenceId":"ACF1428","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-2"]},{"policyDefinitionReferenceId":"ACF1429","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"p
olicyDefinitionReferenceId":"ACF1430","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-3"]},{"policyDefinitionReferenceId":"ACF1431","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1432","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-4"]},{"policyDefinitionReferenceId":"ACF1433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1434","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1435","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1436","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5"]},{"policyDefinitionReferenceId":"ACF1437","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-5(4)"]},{"policyDefinitionReferenceId":"ACF1438","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1439","policyDefinitionId":"/providers/Microsoft.Authorization/pol
icyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6"]},{"policyDefinitionReferenceId":"ACF1440","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(1)"]},{"policyDefinitionReferenceId":"ACF1441","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(2)"]},{"policyDefinitionReferenceId":"ACF1442","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-6(3)"]},{"policyDefinitionReferenceId":"ACF1443","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7"]},{"policyDefinitionReferenceId":"ACF1444","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","parameters":{},"groupNames":["NIST_SP_800-53_R4_MP-7(1)"]},{"policyDefinitionReferenceId":"ACF1445","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1446","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-1"]},{"policyDefinitionReferenceId":"ACF1447","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1448","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1449","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1450","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-2"]},{"policyDefinitionReferenceId":"ACF1451","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1452","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1453","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1454","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1455","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1456","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1457","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3"]},{"policyDefinitionReferenceId":"ACF1458","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-3(1)"]},{"policyDefinitionReferenceId":"ACF1459","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-4"]},{"policyDefinitionReferenceId":"ACF1460","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-5"]},{"policyDefinitionReferenceId":"ACF1461","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1462","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1463","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6"]},{"policyDefinitionReferenceId":"ACF1464","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(1)"]},{"policyDefinitionReferenceId":"ACF1465","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-6(4)"]},{"policyDefinitionReferenceId":"ACF1466","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1467","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","parameters":{},"g
roupNames":["NIST_SP_800-53_R4_PE-8"]},{"policyDefinitionReferenceId":"ACF1468","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-8(1)"]},{"policyDefinitionReferenceId":"ACF1469","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-9"]},{"policyDefinitionReferenceId":"ACF1470","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1471","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1472","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-10"]},{"policyDefinitionReferenceId":"ACF1473","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11"]},{"policyDefinitionReferenceId":"ACF1474","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-11(1)"]},{"policyDefinitionReferenceId":"ACF1475","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-12"]},{"policyDefinitionReferenceId":"ACF1476","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13"]},{"policyDefinitionReferenceId":"ACF1477","policyD
efinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(1)"]},{"policyDefinitionReferenceId":"ACF1478","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(2)"]},{"policyDefinitionReferenceId":"ACF1479","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-13(3)"]},{"policyDefinitionReferenceId":"ACF1480","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1481","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14"]},{"policyDefinitionReferenceId":"ACF1482","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-14(2)"]},{"policyDefinitionReferenceId":"ACF1483","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15"]},{"policyDefinitionReferenceId":"ACF1484","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-15(1)"]},{"policyDefinitionReferenceId":"ACF1485","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-16"]},{"policyDefinitionReferenceId":"ACF1486","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a
51f-43de-934e-98dbfaf9dca5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1487","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1488","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-17"]},{"policyDefinitionReferenceId":"ACF1489","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","parameters":{},"groupNames":["NIST_SP_800-53_R4_PE-18"]},{"policyDefinitionReferenceId":"ACF1490","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1491","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-1"]},{"policyDefinitionReferenceId":"ACF1492","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1493","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1494","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1495","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefi
nitionReferenceId":"ACF1496","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2"]},{"policyDefinitionReferenceId":"ACF1497","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-2(3)"]},{"policyDefinitionReferenceId":"ACF1498","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1499","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1500","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1501","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4"]},{"policyDefinitionReferenceId":"ACF1502","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-4(1)"]},{"policyDefinitionReferenceId":"ACF1503","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1504","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1505","policyDefinitionId":"/providers/Microsoft.Authorization/policyDef
initions/813a10a7-3943-4fe3-8678-00dc52db5490","parameters":{},"groupNames":["NIST_SP_800-53_R4_PL-8"]},{"policyDefinitionReferenceId":"ACF1506","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1507","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-1"]},{"policyDefinitionReferenceId":"ACF1508","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1509","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1510","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-2"]},{"policyDefinitionReferenceId":"ACF1511","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1512","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3"]},{"policyDefinitionReferenceId":"ACF1513","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-3(3)"]},{"policyDefinitionReferenceId":"ACF1514","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS
-3(3)"]},{"policyDefinitionReferenceId":"ACF1515","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1516","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1517","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1518","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1519","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1520","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4"]},{"policyDefinitionReferenceId":"ACF1521","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-4(2)"]},{"policyDefinitionReferenceId":"ACF1522","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1523","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1524","policyDefinitionId":"/providers/Microsoft.Autho
rization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1525","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-5"]},{"policyDefinitionReferenceId":"ACF1526","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1527","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1528","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-6"]},{"policyDefinitionReferenceId":"ACF1529","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1530","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1531","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1532","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1533","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","parameters":{},"groupNames":["NIST_
SP_800-53_R4_PS-7"]},{"policyDefinitionReferenceId":"ACF1534","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1535","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","parameters":{},"groupNames":["NIST_SP_800-53_R4_PS-8"]},{"policyDefinitionReferenceId":"ACF1536","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1537","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-1"]},{"policyDefinitionReferenceId":"ACF1538","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1539","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1540","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-2"]},{"policyDefinitionReferenceId":"ACF1541","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1542","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1543","policyDefinitionId":"/providers/Micros
oft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1544","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1545","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-3"]},{"policyDefinitionReferenceId":"ACF1546","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1547","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1548","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1549","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1550","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5"]},{"policyDefinitionReferenceId":"ACF1551","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(1)"]},{"policyDefinitionReferenceId":"ACF1552","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","parameters":{},"groupNa
mes":["NIST_SP_800-53_R4_RA-5(2)"]},{"policyDefinitionReferenceId":"ACF1553","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(3)"]},{"policyDefinitionReferenceId":"ACF1554","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(4)"]},{"policyDefinitionReferenceId":"ACF1555","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(5)"]},{"policyDefinitionReferenceId":"ACF1556","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(6)"]},{"policyDefinitionReferenceId":"ACF1557","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(8)"]},{"policyDefinitionReferenceId":"ACF1558","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","parameters":{},"groupNames":["NIST_SP_800-53_R4_RA-5(10)"]},{"policyDefinitionReferenceId":"ACF1559","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1560","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-1"]},{"policyDefinitionReferenceId":"ACF1561","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1562","poli
cyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1563","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-2"]},{"policyDefinitionReferenceId":"ACF1564","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1565","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1566","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1567","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-3"]},{"policyDefinitionReferenceId":"ACF1568","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1569","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1570","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1571","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426e
df905","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1572","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1573","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1574","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4"]},{"policyDefinitionReferenceId":"ACF1575","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(1)"]},{"policyDefinitionReferenceId":"ACF1576","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(2)"]},{"policyDefinitionReferenceId":"ACF1577","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(8)"]},{"policyDefinitionReferenceId":"ACF1578","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(9)"]},{"policyDefinitionReferenceId":"ACF1579","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-4(10)"]},{"policyDefinitionReferenceId":"ACF1580","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionRef
erenceId":"ACF1581","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1582","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1583","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1584","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-5"]},{"policyDefinitionReferenceId":"ACF1585","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-8"]},{"policyDefinitionReferenceId":"ACF1586","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1587","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1588","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9"]},{"policyDefinitionReferenceId":"ACF1589","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1590","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf2
96b8c-f391-4ea4-9198-be3c9d39dd1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(1)"]},{"policyDefinitionReferenceId":"ACF1591","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(2)"]},{"policyDefinitionReferenceId":"ACF1592","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(4)"]},{"policyDefinitionReferenceId":"ACF1593","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-9(5)"]},{"policyDefinitionReferenceId":"ACF1594","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1595","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1596","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1597","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1598","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-10"]},{"policyDefinitionReferenceId":"ACF1599","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","parameters":{},"groupNames":["NIST_SP_800-53_R4_
SA-10(1)"]},{"policyDefinitionReferenceId":"ACF1600","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1601","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1602","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1603","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1604","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11"]},{"policyDefinitionReferenceId":"ACF1605","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(1)"]},{"policyDefinitionReferenceId":"ACF1606","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(2)"]},{"policyDefinitionReferenceId":"ACF1607","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-11(8)"]},{"policyDefinitionReferenceId":"ACF1608","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-12"]},{"policyDefinitionReferenceId":"ACF1609","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1610","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-15"]},{"policyDefinitionReferenceId":"ACF1611","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-16"]},{"policyDefinitionReferenceId":"ACF1612","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1613","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SA-17"]},{"policyDefinitionReferenceId":"ACF1615","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1616","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-1"]},{"policyDefinitionReferenceId":"ACF1617","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-2"]},{"policyDefinitionReferenceId":"ACF1618","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","parameters"
:{},"groupNames":["NIST_SP_800-53_R4_SC-3"]},{"policyDefinitionReferenceId":"ACF1619","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-4"]},{"policyDefinitionReferenceId":"ACF1620","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-5"]},{"policyDefinitionReferenceId":"ACF1621","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-6"]},{"policyDefinitionReferenceId":"ACF1622","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1623","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1624","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7"]},{"policyDefinitionReferenceId":"ACF1625","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(3)"]},{"policyDefinitionReferenceId":"ACF1626","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1627","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1628","polic
yDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1629","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1630","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(4)"]},{"policyDefinitionReferenceId":"ACF1631","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(5)"]},{"policyDefinitionReferenceId":"ACF1632","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(7)"]},{"policyDefinitionReferenceId":"ACF1633","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(8)"]},{"policyDefinitionReferenceId":"ACF1634","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(10)"]},{"policyDefinitionReferenceId":"ACF1635","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(12)"]},{"policyDefinitionReferenceId":"ACF1636","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(13)"]},{"policyDefinitionReferenceId":"ACF1637","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/40
75bedc-c62a-4635-bede-a01be89807f3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(18)"]},{"policyDefinitionReferenceId":"ACF1638","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(20)"]},{"policyDefinitionReferenceId":"ACF1639","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-7(21)"]},{"policyDefinitionReferenceId":"ACF1640","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8"]},{"policyDefinitionReferenceId":"ACF1641","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-8(1)"]},{"policyDefinitionReferenceId":"ACF1642","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-10"]},{"policyDefinitionReferenceId":"ACF1643","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12"]},{"policyDefinitionReferenceId":"ACF1644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(1)"]},{"policyDefinitionReferenceId":"ACF1645","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-12(2)"]},{"policyDefinitionReferenceId":"ACF1646","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","parameters":{},"groupNames":["NIST_SP_8
00-53_R4_SC-12(3)"]},{"policyDefinitionReferenceId":"ACF1647","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-13"]},{"policyDefinitionReferenceId":"ACF1648","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1649","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-15"]},{"policyDefinitionReferenceId":"ACF1650","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-17"]},{"policyDefinitionReferenceId":"ACF1651","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1652","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1653","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-18"]},{"policyDefinitionReferenceId":"ACF1654","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1655","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-19"]},{"policyDefinitionReferenceId":"ACF1656","policyDefinitionId":"/provide
rs/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1657","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-20"]},{"policyDefinitionReferenceId":"ACF1658","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-21"]},{"policyDefinitionReferenceId":"ACF1659","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-22"]},{"policyDefinitionReferenceId":"ACF1660","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23"]},{"policyDefinitionReferenceId":"ACF1661","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-23(1)"]},{"policyDefinitionReferenceId":"ACF1662","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-24"]},{"policyDefinitionReferenceId":"ACF1663","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28"]},{"policyDefinitionReferenceId":"ACF1664","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","parameters":{},"groupNames":["NIST_SP_800-53_R4_SC-28(1)"]},{"policyDefinitionReferenceId":"ACF1665","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","pa
rameters":{},"groupNames":["NIST_SP_800-53_R4_SC-39"]},{"policyDefinitionReferenceId":"ACF1666","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1667","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-1"]},{"policyDefinitionReferenceId":"ACF1668","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1669","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1670","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1671","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2"]},{"policyDefinitionReferenceId":"ACF1672","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(1)"]},{"policyDefinitionReferenceId":"ACF1673","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(2)"]},{"policyDefinitionReferenceId":"ACF1674","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF16
75","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-2(3)"]},{"policyDefinitionReferenceId":"ACF1676","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1677","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1678","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1679","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3"]},{"policyDefinitionReferenceId":"ACF1680","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(1)"]},{"policyDefinitionReferenceId":"ACF1681","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(2)"]},{"policyDefinitionReferenceId":"ACF1682","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-3(7)"]},{"policyDefinitionReferenceId":"ACF1683","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1684","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-d
b38-47a5-88a9-2e9371a638cf","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1685","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1686","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1687","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1688","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1689","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4"]},{"policyDefinitionReferenceId":"ACF1690","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(1)"]},{"policyDefinitionReferenceId":"ACF1691","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(2)"]},{"policyDefinitionReferenceId":"ACF1692","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(4)"]},{"policyDefinitionReferenceId":"ACF1693","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(5)"]},{"po
licyDefinitionReferenceId":"ACF1694","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(11)"]},{"policyDefinitionReferenceId":"ACF1695","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(14)"]},{"policyDefinitionReferenceId":"ACF1696","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(16)"]},{"policyDefinitionReferenceId":"ACF1697","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(18)"]},{"policyDefinitionReferenceId":"ACF1698","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(19)"]},{"policyDefinitionReferenceId":"ACF1699","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(20)"]},{"policyDefinitionReferenceId":"ACF1700","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(22)"]},{"policyDefinitionReferenceId":"ACF1701","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(23)"]},{"policyDefinitionReferenceId":"ACF1702","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-4(24)"]},{"policyDefinitionReferenceId":"ACF1703","policyDefinitionId":"/provi
ders/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1704","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1705","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1706","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5"]},{"policyDefinitionReferenceId":"ACF1707","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-5(1)"]},{"policyDefinitionReferenceId":"ACF1708","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1709","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1710","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1711","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-6"]},{"policyDefinitionReferenceId":"ACF1712","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","parameters":
{},"groupNames":["NIST_SP_800-53_R4_SI-7"]},{"policyDefinitionReferenceId":"ACF1713","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(1)"]},{"policyDefinitionReferenceId":"ACF1714","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(2)"]},{"policyDefinitionReferenceId":"ACF1715","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(5)"]},{"policyDefinitionReferenceId":"ACF1716","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(7)"]},{"policyDefinitionReferenceId":"ACF1717","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1718","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-7(14)"]},{"policyDefinitionReferenceId":"ACF1719","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1720","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8"]},{"policyDefinitionReferenceId":"ACF1721","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(1)"]},{"policyDefinitionReferenceId":"AC
F1722","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-8(2)"]},{"policyDefinitionReferenceId":"ACF1723","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-10"]},{"policyDefinitionReferenceId":"ACF1724","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1725","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-11"]},{"policyDefinitionReferenceId":"ACF1726","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-12"]},{"policyDefinitionReferenceId":"ACF1727","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","parameters":{},"groupNames":["NIST_SP_800-53_R4_SI-16"]}],"policyDefinitionGroups":[{"name":"NIST_SP_800-53_R4_AC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1"},{"name":"NIST_SP_800-53_R4_AC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10"},{"name":"NIST_SP_800-53_R4_AC-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)"},{"name":"NIST_SP_800-53_R4_AC-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11"},{"name":"NIST_SP_800-53_R4_AC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)"},{"name":"NIST_SP_800-53_R4_AC-12","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12"},{"name":"NIST_SP_800-53_R4_AC-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14"},{"name":"NIST_SP_800-53_R4_AC-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_
+ AC-16"},{"name":"NIST_SP_800-53_R4_AC-17(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)"},{"name":"NIST_SP_800-53_R4_AC-17(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)"},{"name":"NIST_SP_800-53_R4_AC-17(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)"},{"name":"NIST_SP_800-53_R4_AC-17(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)"},{"name":"NIST_SP_800-53_R4_AC-17(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)"},{"name":"NIST_SP_800-53_R4_AC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17"},{"name":"NIST_SP_800-53_R4_AC-18(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)"},{"name":"NIST_SP_800-53_R4_AC-18(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)"},{"name":"NIST_SP_800-53_R4_AC-18(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)"},{"name":"NIST_SP_800-53_R4_AC-18(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)"},{"name":"NIST_SP_800-53_R4_AC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18"},{"name":"NIST_SP_800-53_R4_AC-19(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)"},{"name":"NIST_SP_800-53_R4_AC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19"},{"name":"NIST_SP_800-53_R4_AC-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)"},{"name":"NIST_SP_800-53_R4_AC-2(10)"
,"additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)"},{"name":"NIST_SP_800-53_R4_AC-2(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)"},{"name":"NIST_SP_800-53_R4_AC-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)"},{"name":"NIST_SP_800-53_R4_AC-2(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)"},{"name":"NIST_SP_800-53_R4_AC-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)"},{"name":"NIST_SP_800-53_R4_AC-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)"},{"name":"NIST_SP_800-53_R4_AC-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)"},{"name":"NIST_SP_800-53_R4_AC-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)"},{"name":"NIST_SP_800-53_R4_AC-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)"},{"name":"NIST_SP_800-53_R4_AC-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)"},{"name":"NIST_SP_800-53_R4_AC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2"},{"name":"NIST_SP_800-53_R4_AC-20(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)"},{"name":"NIST_SP_800-53_R4_AC-20(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)"},{"name":"NIST_SP_800-53_R4_AC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20"},{"name":"NIST_SP_800-53_R4_AC-21","additionalMetadataId":"/providers/Microsoft.PolicyIns
ights/policyMetadata/NIST_SP_800-53_R4_AC-21"},{"name":"NIST_SP_800-53_R4_AC-22","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22"},{"name":"NIST_SP_800-53_R4_AC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3"},{"name":"NIST_SP_800-53_R4_AC-4(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)"},{"name":"NIST_SP_800-53_R4_AC-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)"},{"name":"NIST_SP_800-53_R4_AC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4"},{"name":"NIST_SP_800-53_R4_AC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5"},{"name":"NIST_SP_800-53_R4_AC-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)"},{"name":"NIST_SP_800-53_R4_AC-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)"},{"name":"NIST_SP_800-53_R4_AC-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)"},{"name":"NIST_SP_800-53_R4_AC-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)"},{"name":"NIST_SP_800-53_R4_AC-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)"},{"name":"NIST_SP_800-53_R4_AC-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)"},{"name":"NIST_SP_800-53_R4_AC-6(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)"},{"name":"NIST_SP_800-53_R4_AC-6(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)"},{"name":"NIST_SP_800-53_R
4_AC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6"},{"name":"NIST_SP_800-53_R4_AC-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)"},{"name":"NIST_SP_800-53_R4_AC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7"},{"name":"NIST_SP_800-53_R4_AC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8"},{"name":"NIST_SP_800-53_R4_AT-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1"},{"name":"NIST_SP_800-53_R4_AT-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)"},{"name":"NIST_SP_800-53_R4_AT-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2"},{"name":"NIST_SP_800-53_R4_AT-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)"},{"name":"NIST_SP_800-53_R4_AT-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)"},{"name":"NIST_SP_800-53_R4_AT-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3"},{"name":"NIST_SP_800-53_R4_AT-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4"},{"name":"NIST_SP_800-53_R4_AU-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1"},{"name":"NIST_SP_800-53_R4_AU-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10"},{"name":"NIST_SP_800-53_R4_AU-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11"},{"name":"NIST_SP_800-53_R4_AU-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12
(1)"},{"name":"NIST_SP_800-53_R4_AU-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)"},{"name":"NIST_SP_800-53_R4_AU-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12"},{"name":"NIST_SP_800-53_R4_AU-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)"},{"name":"NIST_SP_800-53_R4_AU-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2"},{"name":"NIST_SP_800-53_R4_AU-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)"},{"name":"NIST_SP_800-53_R4_AU-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)"},{"name":"NIST_SP_800-53_R4_AU-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3"},{"name":"NIST_SP_800-53_R4_AU-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4"},{"name":"NIST_SP_800-53_R4_AU-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)"},{"name":"NIST_SP_800-53_R4_AU-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)"},{"name":"NIST_SP_800-53_R4_AU-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5"},{"name":"NIST_SP_800-53_R4_AU-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)"},{"name":"NIST_SP_800-53_R4_AU-6(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)"},{"name":"NIST_SP_800-53_R4_AU-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)"},{"name":"NIST_SP_800-53_R4_AU-6(4)","additionalMetadataId":"/providers/M
icrosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)"},{"name":"NIST_SP_800-53_R4_AU-6(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)"},{"name":"NIST_SP_800-53_R4_AU-6(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)"},{"name":"NIST_SP_800-53_R4_AU-6(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)"},{"name":"NIST_SP_800-53_R4_AU-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6"},{"name":"NIST_SP_800-53_R4_AU-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)"},{"name":"NIST_SP_800-53_R4_AU-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7"},{"name":"NIST_SP_800-53_R4_AU-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)"},{"name":"NIST_SP_800-53_R4_AU-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8"},{"name":"NIST_SP_800-53_R4_AU-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)"},{"name":"NIST_SP_800-53_R4_AU-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)"},{"name":"NIST_SP_800-53_R4_AU-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)"},{"name":"NIST_SP_800-53_R4_AU-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9"},{"name":"NIST_SP_800-53_R4_CA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1"},{"name":"NIST_SP_800-53_R4_CA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)"},{"name":"NIST_SP_
800-53_R4_CA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)"},{"name":"NIST_SP_800-53_R4_CA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)"},{"name":"NIST_SP_800-53_R4_CA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2"},{"name":"NIST_SP_800-53_R4_CA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)"},{"name":"NIST_SP_800-53_R4_CA-3(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)"},{"name":"NIST_SP_800-53_R4_CA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3"},{"name":"NIST_SP_800-53_R4_CA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5"},{"name":"NIST_SP_800-53_R4_CA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6"},{"name":"NIST_SP_800-53_R4_CA-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)"},{"name":"NIST_SP_800-53_R4_CA-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)"},{"name":"NIST_SP_800-53_R4_CA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7"},{"name":"NIST_SP_800-53_R4_CA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)"},{"name":"NIST_SP_800-53_R4_CA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8"},{"name":"NIST_SP_800-53_R4_CA-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9"},{"name":"NIST_SP_800-53_R4_CM-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_CM-1"},{"name":"NIST_SP_800-53_R4_CM-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)"},{"name":"NIST_SP_800-53_R4_CM-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10"},{"name":"NIST_SP_800-53_R4_CM-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)"},{"name":"NIST_SP_800-53_R4_CM-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11"},{"name":"NIST_SP_800-53_R4_CM-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)"},{"name":"NIST_SP_800-53_R4_CM-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)"},{"name":"NIST_SP_800-53_R4_CM-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)"},{"name":"NIST_SP_800-53_R4_CM-2(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)"},{"name":"NIST_SP_800-53_R4_CM-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2"},{"name":"NIST_SP_800-53_R4_CM-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)"},{"name":"NIST_SP_800-53_R4_CM-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)"},{"name":"NIST_SP_800-53_R4_CM-3(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)"},{"name":"NIST_SP_800-53_R4_CM-3(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)"},{"name":"NIST_SP_800-53_R4_CM-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3"},{"name":"NIST_SP_800-53_R4_CM-4(1)","additionalMet
adataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)"},{"name":"NIST_SP_800-53_R4_CM-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4"},{"name":"NIST_SP_800-53_R4_CM-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)"},{"name":"NIST_SP_800-53_R4_CM-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)"},{"name":"NIST_SP_800-53_R4_CM-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)"},{"name":"NIST_SP_800-53_R4_CM-5(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)"},{"name":"NIST_SP_800-53_R4_CM-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5"},{"name":"NIST_SP_800-53_R4_CM-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)"},{"name":"NIST_SP_800-53_R4_CM-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)"},{"name":"NIST_SP_800-53_R4_CM-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6"},{"name":"NIST_SP_800-53_R4_CM-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)"},{"name":"NIST_SP_800-53_R4_CM-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)"},{"name":"NIST_SP_800-53_R4_CM-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)"},{"name":"NIST_SP_800-53_R4_CM-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7"},{"name":"NIST_SP_800-53_R4_CM-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4
_CM-8(1)"},{"name":"NIST_SP_800-53_R4_CM-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)"},{"name":"NIST_SP_800-53_R4_CM-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)"},{"name":"NIST_SP_800-53_R4_CM-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)"},{"name":"NIST_SP_800-53_R4_CM-8(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)"},{"name":"NIST_SP_800-53_R4_CM-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8"},{"name":"NIST_SP_800-53_R4_CM-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9"},{"name":"NIST_SP_800-53_R4_CP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1"},{"name":"NIST_SP_800-53_R4_CP-10(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)"},{"name":"NIST_SP_800-53_R4_CP-10(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)"},{"name":"NIST_SP_800-53_R4_CP-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10"},{"name":"NIST_SP_800-53_R4_CP-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)"},{"name":"NIST_SP_800-53_R4_CP-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)"},{"name":"NIST_SP_800-53_R4_CP-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)"},{"name":"NIST_SP_800-53_R4_CP-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)"},{"name":"NIST_SP_800-53_R4_CP-2(5)","additionalMetadataId":"/
providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)"},{"name":"NIST_SP_800-53_R4_CP-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)"},{"name":"NIST_SP_800-53_R4_CP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2"},{"name":"NIST_SP_800-53_R4_CP-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)"},{"name":"NIST_SP_800-53_R4_CP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3"},{"name":"NIST_SP_800-53_R4_CP-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)"},{"name":"NIST_SP_800-53_R4_CP-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)"},{"name":"NIST_SP_800-53_R4_CP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4"},{"name":"NIST_SP_800-53_R4_CP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)"},{"name":"NIST_SP_800-53_R4_CP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)"},{"name":"NIST_SP_800-53_R4_CP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)"},{"name":"NIST_SP_800-53_R4_CP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6"},{"name":"NIST_SP_800-53_R4_CP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)"},{"name":"NIST_SP_800-53_R4_CP-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)"},{"name":"NIST_SP_800-53_R4_CP-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)"},
{"name":"NIST_SP_800-53_R4_CP-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)"},{"name":"NIST_SP_800-53_R4_CP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7"},{"name":"NIST_SP_800-53_R4_CP-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)"},{"name":"NIST_SP_800-53_R4_CP-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)"},{"name":"NIST_SP_800-53_R4_CP-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)"},{"name":"NIST_SP_800-53_R4_CP-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)"},{"name":"NIST_SP_800-53_R4_CP-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8"},{"name":"NIST_SP_800-53_R4_CP-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)"},{"name":"NIST_SP_800-53_R4_CP-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)"},{"name":"NIST_SP_800-53_R4_CP-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)"},{"name":"NIST_SP_800-53_R4_CP-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)"},{"name":"NIST_SP_800-53_R4_CP-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9"},{"name":"NIST_SP_800-53_R4_IA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1"},{"name":"NIST_SP_800-53_R4_IA-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)"},{"name":"NIST_SP_800-53_R4_IA-2(11)","additionalMetadataId":"/providers/Micros
oft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)"},{"name":"NIST_SP_800-53_R4_IA-2(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)"},{"name":"NIST_SP_800-53_R4_IA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)"},{"name":"NIST_SP_800-53_R4_IA-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)"},{"name":"NIST_SP_800-53_R4_IA-2(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)"},{"name":"NIST_SP_800-53_R4_IA-2(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)"},{"name":"NIST_SP_800-53_R4_IA-2(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)"},{"name":"NIST_SP_800-53_R4_IA-2(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)"},{"name":"NIST_SP_800-53_R4_IA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2"},{"name":"NIST_SP_800-53_R4_IA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3"},{"name":"NIST_SP_800-53_R4_IA-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)"},{"name":"NIST_SP_800-53_R4_IA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4"},{"name":"NIST_SP_800-53_R4_IA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)"},{"name":"NIST_SP_800-53_R4_IA-5(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)"},{"name":"NIST_SP_800-53_R4_IA-5(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)"},{"n
ame":"NIST_SP_800-53_R4_IA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)"},{"name":"NIST_SP_800-53_R4_IA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)"},{"name":"NIST_SP_800-53_R4_IA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)"},{"name":"NIST_SP_800-53_R4_IA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)"},{"name":"NIST_SP_800-53_R4_IA-5(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)"},{"name":"NIST_SP_800-53_R4_IA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)"},{"name":"NIST_SP_800-53_R4_IA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5"},{"name":"NIST_SP_800-53_R4_IA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6"},{"name":"NIST_SP_800-53_R4_IA-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7"},{"name":"NIST_SP_800-53_R4_IA-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)"},{"name":"NIST_SP_800-53_R4_IA-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)"},{"name":"NIST_SP_800-53_R4_IA-8(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)"},{"name":"NIST_SP_800-53_R4_IA-8(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)"},{"name":"NIST_SP_800-53_R4_IA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8"},{"name":"NIST_SP_800-53_R4_IR-1","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1"},{"name":"NIST_SP_800-53_R4_IR-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)"},{"name":"NIST_SP_800-53_R4_IR-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)"},{"name":"NIST_SP_800-53_R4_IR-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2"},{"name":"NIST_SP_800-53_R4_IR-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)"},{"name":"NIST_SP_800-53_R4_IR-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3"},{"name":"NIST_SP_800-53_R4_IR-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)"},{"name":"NIST_SP_800-53_R4_IR-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)"},{"name":"NIST_SP_800-53_R4_IR-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)"},{"name":"NIST_SP_800-53_R4_IR-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)"},{"name":"NIST_SP_800-53_R4_IR-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)"},{"name":"NIST_SP_800-53_R4_IR-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)"},{"name":"NIST_SP_800-53_R4_IR-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4"},{"name":"NIST_SP_800-53_R4_IR-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)"},{"name":"NIST_SP_800-53_R4_IR-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5"},{"name":"NIST_SP_800-53_R4
_IR-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)"},{"name":"NIST_SP_800-53_R4_IR-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6"},{"name":"NIST_SP_800-53_R4_IR-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)"},{"name":"NIST_SP_800-53_R4_IR-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)"},{"name":"NIST_SP_800-53_R4_IR-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7"},{"name":"NIST_SP_800-53_R4_IR-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8"},{"name":"NIST_SP_800-53_R4_IR-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)"},{"name":"NIST_SP_800-53_R4_IR-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)"},{"name":"NIST_SP_800-53_R4_IR-9(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)"},{"name":"NIST_SP_800-53_R4_IR-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)"},{"name":"NIST_SP_800-53_R4_IR-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9"},{"name":"NIST_SP_800-53_R4_MA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1"},{"name":"NIST_SP_800-53_R4_MA-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)"},{"name":"NIST_SP_800-53_R4_MA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2"},{"name":"NIST_SP_800-53_R4_MA-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_
SP_800-53_R4_MA-3(1)"},{"name":"NIST_SP_800-53_R4_MA-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)"},{"name":"NIST_SP_800-53_R4_MA-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)"},{"name":"NIST_SP_800-53_R4_MA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3"},{"name":"NIST_SP_800-53_R4_MA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)"},{"name":"NIST_SP_800-53_R4_MA-4(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)"},{"name":"NIST_SP_800-53_R4_MA-4(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)"},{"name":"NIST_SP_800-53_R4_MA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4"},{"name":"NIST_SP_800-53_R4_MA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)"},{"name":"NIST_SP_800-53_R4_MA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5"},{"name":"NIST_SP_800-53_R4_MA-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6"},{"name":"NIST_SP_800-53_R4_MP-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1"},{"name":"NIST_SP_800-53_R4_MP-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2"},{"name":"NIST_SP_800-53_R4_MP-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3"},{"name":"NIST_SP_800-53_R4_MP-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4"},{"name":"NIST_SP_800-53_R4_MP-5(4)","additionalMetadataId":"/providers/Microsof
t.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)"},{"name":"NIST_SP_800-53_R4_MP-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5"},{"name":"NIST_SP_800-53_R4_MP-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)"},{"name":"NIST_SP_800-53_R4_MP-6(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)"},{"name":"NIST_SP_800-53_R4_MP-6(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)"},{"name":"NIST_SP_800-53_R4_MP-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6"},{"name":"NIST_SP_800-53_R4_MP-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)"},{"name":"NIST_SP_800-53_R4_MP-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7"},{"name":"NIST_SP_800-53_R4_PE-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1"},{"name":"NIST_SP_800-53_R4_PE-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10"},{"name":"NIST_SP_800-53_R4_PE-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)"},{"name":"NIST_SP_800-53_R4_PE-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11"},{"name":"NIST_SP_800-53_R4_PE-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12"},{"name":"NIST_SP_800-53_R4_PE-13(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)"},{"name":"NIST_SP_800-53_R4_PE-13(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)"},{"name":"NIST_SP_800-53_
R4_PE-13(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)"},{"name":"NIST_SP_800-53_R4_PE-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13"},{"name":"NIST_SP_800-53_R4_PE-14(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)"},{"name":"NIST_SP_800-53_R4_PE-14","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14"},{"name":"NIST_SP_800-53_R4_PE-15(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)"},{"name":"NIST_SP_800-53_R4_PE-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15"},{"name":"NIST_SP_800-53_R4_PE-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16"},{"name":"NIST_SP_800-53_R4_PE-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17"},{"name":"NIST_SP_800-53_R4_PE-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18"},{"name":"NIST_SP_800-53_R4_PE-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2"},{"name":"NIST_SP_800-53_R4_PE-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)"},{"name":"NIST_SP_800-53_R4_PE-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3"},{"name":"NIST_SP_800-53_R4_PE-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4"},{"name":"NIST_SP_800-53_R4_PE-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5"},{"name":"NIST_SP_800-53_R4_PE-6(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_8
00-53_R4_PE-6(1)"},{"name":"NIST_SP_800-53_R4_PE-6(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)"},{"name":"NIST_SP_800-53_R4_PE-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6"},{"name":"NIST_SP_800-53_R4_PE-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)"},{"name":"NIST_SP_800-53_R4_PE-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8"},{"name":"NIST_SP_800-53_R4_PE-9","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9"},{"name":"NIST_SP_800-53_R4_PL-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1"},{"name":"NIST_SP_800-53_R4_PL-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)"},{"name":"NIST_SP_800-53_R4_PL-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2"},{"name":"NIST_SP_800-53_R4_PL-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)"},{"name":"NIST_SP_800-53_R4_PL-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4"},{"name":"NIST_SP_800-53_R4_PL-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8"},{"name":"NIST_SP_800-53_R4_PS-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1"},{"name":"NIST_SP_800-53_R4_PS-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2"},{"name":"NIST_SP_800-53_R4_PS-3(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)"},{"name":"NIST_SP_800-53_R4_PS-3","additionalMetadataId":"/providers/Microsoft.PolicyInsig
hts/policyMetadata/NIST_SP_800-53_R4_PS-3"},{"name":"NIST_SP_800-53_R4_PS-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)"},{"name":"NIST_SP_800-53_R4_PS-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4"},{"name":"NIST_SP_800-53_R4_PS-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5"},{"name":"NIST_SP_800-53_R4_PS-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6"},{"name":"NIST_SP_800-53_R4_PS-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7"},{"name":"NIST_SP_800-53_R4_PS-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8"},{"name":"NIST_SP_800-53_R4_RA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1"},{"name":"NIST_SP_800-53_R4_RA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2"},{"name":"NIST_SP_800-53_R4_RA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3"},{"name":"NIST_SP_800-53_R4_RA-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)"},{"name":"NIST_SP_800-53_R4_RA-5(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)"},{"name":"NIST_SP_800-53_R4_RA-5(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)"},{"name":"NIST_SP_800-53_R4_RA-5(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)"},{"name":"NIST_SP_800-53_R4_RA-5(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)"},{"name":"NIST_SP_800-53_R4_RA-5(5)","additionalMetadataI
d":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)"},{"name":"NIST_SP_800-53_R4_RA-5(6)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)"},{"name":"NIST_SP_800-53_R4_RA-5(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)"},{"name":"NIST_SP_800-53_R4_RA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5"},{"name":"NIST_SP_800-53_R4_SA-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1"},{"name":"NIST_SP_800-53_R4_SA-10(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)"},{"name":"NIST_SP_800-53_R4_SA-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10"},{"name":"NIST_SP_800-53_R4_SA-11(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)"},{"name":"NIST_SP_800-53_R4_SA-11(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)"},{"name":"NIST_SP_800-53_R4_SA-11(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)"},{"name":"NIST_SP_800-53_R4_SA-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11"},{"name":"NIST_SP_800-53_R4_SA-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12"},{"name":"NIST_SP_800-53_R4_SA-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15"},{"name":"NIST_SP_800-53_R4_SA-16","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16"},{"name":"NIST_SP_800-53_R4_SA-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17"}
,{"name":"NIST_SP_800-53_R4_SA-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2"},{"name":"NIST_SP_800-53_R4_SA-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3"},{"name":"NIST_SP_800-53_R4_SA-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)"},{"name":"NIST_SP_800-53_R4_SA-4(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)"},{"name":"NIST_SP_800-53_R4_SA-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)"},{"name":"NIST_SP_800-53_R4_SA-4(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)"},{"name":"NIST_SP_800-53_R4_SA-4(9)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)"},{"name":"NIST_SP_800-53_R4_SA-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4"},{"name":"NIST_SP_800-53_R4_SA-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5"},{"name":"NIST_SP_800-53_R4_SA-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8"},{"name":"NIST_SP_800-53_R4_SA-9(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)"},{"name":"NIST_SP_800-53_R4_SA-9(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)"},{"name":"NIST_SP_800-53_R4_SA-9(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)"},{"name":"NIST_SP_800-53_R4_SA-9(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)"},{"name":"NIST_SP_800-53_R4_SA-9","additionalMetadataId":"/providers/Microsoft.Pol
icyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9"},{"name":"NIST_SP_800-53_R4_SC-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1"},{"name":"NIST_SP_800-53_R4_SC-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10"},{"name":"NIST_SP_800-53_R4_SC-12(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)"},{"name":"NIST_SP_800-53_R4_SC-12(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)"},{"name":"NIST_SP_800-53_R4_SC-12(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)"},{"name":"NIST_SP_800-53_R4_SC-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12"},{"name":"NIST_SP_800-53_R4_SC-13","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13"},{"name":"NIST_SP_800-53_R4_SC-15","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15"},{"name":"NIST_SP_800-53_R4_SC-17","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17"},{"name":"NIST_SP_800-53_R4_SC-18","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18"},{"name":"NIST_SP_800-53_R4_SC-19","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19"},{"name":"NIST_SP_800-53_R4_SC-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2"},{"name":"NIST_SP_800-53_R4_SC-20","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20"},{"name":"NIST_SP_800-53_R4_SC-21","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21"},{"name":"NIST_SP_800-53_R4_SC-22","additiona
lMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22"},{"name":"NIST_SP_800-53_R4_SC-23(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)"},{"name":"NIST_SP_800-53_R4_SC-23","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23"},{"name":"NIST_SP_800-53_R4_SC-24","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24"},{"name":"NIST_SP_800-53_R4_SC-28(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)"},{"name":"NIST_SP_800-53_R4_SC-28","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28"},{"name":"NIST_SP_800-53_R4_SC-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3"},{"name":"NIST_SP_800-53_R4_SC-39","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39"},{"name":"NIST_SP_800-53_R4_SC-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4"},{"name":"NIST_SP_800-53_R4_SC-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5"},{"name":"NIST_SP_800-53_R4_SC-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6"},{"name":"NIST_SP_800-53_R4_SC-7(10)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)"},{"name":"NIST_SP_800-53_R4_SC-7(12)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)"},{"name":"NIST_SP_800-53_R4_SC-7(13)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)"},{"name":"NIST_SP_800-53_R4_SC-7(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC
-7(18)"},{"name":"NIST_SP_800-53_R4_SC-7(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)"},{"name":"NIST_SP_800-53_R4_SC-7(21)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)"},{"name":"NIST_SP_800-53_R4_SC-7(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)"},{"name":"NIST_SP_800-53_R4_SC-7(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)"},{"name":"NIST_SP_800-53_R4_SC-7(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)"},{"name":"NIST_SP_800-53_R4_SC-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)"},{"name":"NIST_SP_800-53_R4_SC-7(8)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)"},{"name":"NIST_SP_800-53_R4_SC-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7"},{"name":"NIST_SP_800-53_R4_SC-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"},{"name":"NIST_SP_800-53_R4_SC-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8"},{"name":"NIST_SP_800-53_R4_SI-1","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1"},{"name":"NIST_SP_800-53_R4_SI-10","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10"},{"name":"NIST_SP_800-53_R4_SI-11","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11"},{"name":"NIST_SP_800-53_R4_SI-12","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12"},{"name":"NIST_SP_800-53_R4_SI-16","additionalMetadataId":"/providers/Mi
crosoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16"},{"name":"NIST_SP_800-53_R4_SI-2(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)"},{"name":"NIST_SP_800-53_R4_SI-2(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)"},{"name":"NIST_SP_800-53_R4_SI-2(3)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)"},{"name":"NIST_SP_800-53_R4_SI-2","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2"},{"name":"NIST_SP_800-53_R4_SI-3(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)"},{"name":"NIST_SP_800-53_R4_SI-3(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)"},{"name":"NIST_SP_800-53_R4_SI-3(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)"},{"name":"NIST_SP_800-53_R4_SI-3","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3"},{"name":"NIST_SP_800-53_R4_SI-4(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)"},{"name":"NIST_SP_800-53_R4_SI-4(11)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)"},{"name":"NIST_SP_800-53_R4_SI-4(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)"},{"name":"NIST_SP_800-53_R4_SI-4(16)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)"},{"name":"NIST_SP_800-53_R4_SI-4(18)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)"},{"name":"NIST_SP_800-53_R4_SI-4(19)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-
4(19)"},{"name":"NIST_SP_800-53_R4_SI-4(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)"},{"name":"NIST_SP_800-53_R4_SI-4(20)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)"},{"name":"NIST_SP_800-53_R4_SI-4(22)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)"},{"name":"NIST_SP_800-53_R4_SI-4(23)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)"},{"name":"NIST_SP_800-53_R4_SI-4(24)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)"},{"name":"NIST_SP_800-53_R4_SI-4(4)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)"},{"name":"NIST_SP_800-53_R4_SI-4(5)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)"},{"name":"NIST_SP_800-53_R4_SI-4","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4"},{"name":"NIST_SP_800-53_R4_SI-5(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)"},{"name":"NIST_SP_800-53_R4_SI-5","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5"},{"name":"NIST_SP_800-53_R4_SI-6","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6"},{"name":"NIST_SP_800-53_R4_SI-7(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)"},{"name":"NIST_SP_800-53_R4_SI-7(14)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)"},{"name":"NIST_SP_800-53_R4_SI-7(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)"},{"name":"NIST_SP_800-53_R4_SI-7(5)","additionalMetadat
aId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)"},{"name":"NIST_SP_800-53_R4_SI-7(7)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)"},{"name":"NIST_SP_800-53_R4_SI-7","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7"},{"name":"NIST_SP_800-53_R4_SI-8(1)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)"},{"name":"NIST_SP_800-53_R4_SI-8(2)","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)"},{"name":"NIST_SP_800-53_R4_SI-8","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f","type":"Microsoft.Authorization/policySetDefinitions","name":"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP High controls and deploy specific VM Extensions to support audit
+ requirements","policyType":"BuiltIn","description":"This initiative includes
+ audit and VM Extension deployment policies that address a subset of FedRAMP
+ H controls. Additional policies will be added in upcoming releases. For more
+ information, please visit https://aka.ms/fedramph-blueprint.","metadata":{"category":"Regulatory
+ Compliance","preview":true},"parameters":{"listOfAllowedLocationsForResourcesAndResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed
+ locations for resources and resource groups","description":"This policy enables
+ you to restrict the locations your organization can create resource groups
+ in or deploy resources. Use to enforce your geo-compliance requirements. Excludes
+ resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources
+ that use the ''global'' region.","strongType":"location"}},"membersToIncludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ to be included in the Administrators local group","description":"A semicolon-separated
+ list of members that should be included in the Administrators local group.
+ Ex: Administrator; myUser1; myUser2"}},"membersToExcludeInAdministratorsLocalGroup":{"type":"String","metadata":{"displayName":"Members
+ that should be excluded in the Administrators local group","description":"A
+ semicolon-separated list of members that should be excluded in the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}},"logAnalyticsWorkspaceIdForVMs":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL managed instances","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ assessment should be enabled on your SQL servers","description":"Audit Azure
+ SQL servers which do not have recurring vulnerability assessment scans enabled.
+ Vulnerability assessment can discover, track, and help you remediate potential
+ database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssessmentOnVirtualMachinesEffect":{"type":"String","metadata":{"displayName":"Vulnerability
+ Assessment should be enabled on Virtual Machines","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"geoRedundancyEnabledForStorageAccountsEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","description":"This policy
+ audits any Storage Account with geo-redundant storage not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForMySQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect":{"type":"String","metadata":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled."},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"adaptiveNetworkHardeningsMonitoringEffect":{"type":"String","metadata":{"displayName":"Network
+ Security Group Rules for Internet facing virtual machines should be hardened","description":"Enable
+ or disable the monitoring of Internet-facing virtual machines for Network
+ Security Group traffic hardening recommendations"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Web
+ Application should only be accessible over HTTPS","description":"Enable or
+ disable the monitoring of the use of HTTPS in Web App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"functionAppEnforceHttpsMonitoringEffect":{"type":"String","metadata":{"displayName":"Function
+ App should only be accessible over HTTPS","description":"Enable or disable
+ the monitoring of the use of HTTPS in function App"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with write permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with read permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"External
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts with owner permissions should be removed from your subscription","description":"Enable
+ or disable the monitoring of deprecated acounts with owner permissions in
+ subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Deprecated
+ accounts should be removed from your subscription","description":"Enable or
+ disable the monitoring of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webAppRestrictCORSAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"CORS
+ should not allow every resource to access your Web Application","description":"Enable
+ or disable the monitoring of CORS restrictions for API Web"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vmssSystemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"System
+ updates on virtual machine scale sets should be installed","description":"Enable
+ or disable virtual machine scale sets reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with read permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled on accounts with owner permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"MFA
+ should be enabled accounts with write permissions on your subscription","description":"Enable
+ or disable the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect":{"type":"String","metadata":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"auditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"auditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"auditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpec
ifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"auditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"advancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"auditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policy
DefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"diskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"systemUpdatesShouldBeInstalledOnYourMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"monitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLea
st14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","par
ameters":{}},{"policyDefinitionReferenceId":"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Mi
crosoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"dDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"remoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions
/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"apiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnManagedInstanceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnManagedInstanceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssessmentOnServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"VulnerabilityAssessmentshouldbeenabledonVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssessmentOnVirtualMachinesEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantStorageShouldBeEnabledForStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForStorageAccountsEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMariaDBEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","parameters":{"effect"
:{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForMySQLEffect'')]"}}},{"policyDefinitionReferenceId":"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","parameters":{"effect":{"value":"[parameters(''geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResourceGroups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"allowedLocationsForResources","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":"[parameters(''listOfAllowedLocationsForResourcesAndResourceGroups'')]"}}},{"policyDefinitionReferenceId":"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToIncludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExcludeInAdministratorsLocalGroup'')]"}}},{"policyDefinitionReferenceId":"auditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId"
:"adaptiveNetworkHardeningsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{"effect":{"value":"[parameters(''adaptiveNetworkHardeningsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"previewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceIdForVMs'')]"}}},{"policyDefinitionReferenceId":"webAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{"effect":{"value":"[parameters(''webAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"functionAppEnforceHttpsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{"effect":{"value":"[parameters(''functionAppEnforceHttpsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''ident
ityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webAppRestrictCORSAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{"effect":{"value":"[parameters(''webAppRestrictCORSAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vmssSystemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{"effect":{"value":"[parameters(''vmssSystemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-
40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"longtermGeoRedundantBackupEnabledAzureSQLDatabases","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","parameters":{"effect":{"value":"[parameters(''longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f","type":"Microsoft.Authorization/policySetDefinitions","name":"d5264498-16f4-418a-b659-fa7ef418175f"},{"properties":{"displayName":"[Preview]:
Audit Windows VMs that do not match Azure security baseline settings","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
with non-compliant Azure security baseline configurations. For more information
@@ -3687,7 +4588,23 @@ interactions:
names (supports wildcards)","description":"A semicolon-separated list of the
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"Audit
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2","type":"Microsoft.Authorization/policySetDefinitions","name":"d7fff7ea-9d47-4952-b854-b7da261e48f2"},{"properties":{"displayName":"[Preview]:
+ Audit FedRAMP Moderate controls and deploy specific VM Extensions to support
+ audit requirements","policyType":"BuiltIn","description":"This initiative
+ includes audit and VM Extension deployment policies that address a subset
+ of FedRAMP M controls. Additional policies will be added in upcoming releases.
+ For more information, please visit https://aka.ms/fedrampm-blueprint.","metadata":{"category":"Regulatory
+ Compliance"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}},"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"List
+ of resource types that should have diagnostic logs enabled"},"allowedValues":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegistry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"],"defaultValue":["Microsoft.AnalysisServices/servers","Microsoft.ApiManagement/service","Microsoft.Network/applicationGateways","Microsoft.Automation/automationAccounts","Microsoft.ContainerInstance/containerGroups","Microsoft.ContainerRegi
stry/registries","Microsoft.ContainerService/managedClusters","Microsoft.Batch/batchAccounts","Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.DocumentDB/databaseAccounts","Microsoft.DataFactory/factories","Microsoft.DataLakeAnalytics/accounts","Microsoft.DataLakeStore/accounts","Microsoft.EventGrid/eventSubscriptions","Microsoft.EventGrid/topics","Microsoft.EventHub/namespaces","Microsoft.Network/expressRouteCircuits","Microsoft.Network/azureFirewalls","Microsoft.HDInsight/clusters","Microsoft.Devices/IotHubs","Microsoft.KeyVault/vaults","Microsoft.Network/loadBalancers","Microsoft.Logic/integrationAccounts","Microsoft.Logic/workflows","Microsoft.DBforMySQL/servers","Microsoft.Network/networkInterfaces","Microsoft.Network/networkSecurityGroups","Microsoft.DBforPostgreSQL/servers","Microsoft.PowerBIDedicated/capacities","Microsoft.Network/publicIPAddresses","Microsoft.RecoveryServices/vaults","Microsoft.Cache/redis","Microsoft.Relay/namespaces","Microsoft.Search/searchServices","Microsoft.ServiceBus/namespaces","Microsoft.SignalRService/SignalR","Microsoft.Sql/servers/databases","Microsoft.Sql/servers/elasticPools","Microsoft.StreamAnalytics/streamingjobs","Microsoft.TimeSeriesInsights/environments","Microsoft.Network/trafficManagerProfiles","Microsoft.Compute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets","Microsoft.Network/virtualNetworks","Microsoft.Network/virtualNetworkGateways"]},"membersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}},"membersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{}},{"policyDefinitionReferenceId":"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{}},{"policyDefinitionReferenceId":"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","parameters":{}},{"policyDefinitionReferenceId":"CorsShouldNotAllowEveryResourceToAccessYourWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{}},{"policyDefinitionReferenceId":"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Au
thorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{}},{"policyDefinitionReferenceId":"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{}},{"policyDefinitionReferenceId":"FunctionAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","parameters":{}},{"policyDefinitionReferenceId":"WebApplicationShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","parameters":{}},{"policyDefinitionReferenceId":"ApiAppShouldOnlyBeAccessibleOverHttps","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{}},{"policyDefinitionReferenceId":"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{}},{"policyDefinitionReferenceId":"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/polic
yDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForFunctionApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForWebApplication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","parameters":{}},{"policyDefinitionReferenceId":"RemoteDebuggingShouldBeTurnedOffForApiApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","parameters":{}},{"policyDefinitionReferenceId":"DDoSProtectionStandardShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-
4a1421e2dcdc","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","parameters":{}},{"policyDefinitionReferenceId":"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","parameters":{}},{"policyDefinitionReferenceId":"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeploy
RequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","parameters":{}},{"policyDefinitionReferenceId":"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","parameters":{}},{"policyDefinitionReferenceId":"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","parameters":{}},{"policyDefinitionReferenceId":"MonitorMissingEndpointProtectionInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{}},{"policyDefinitionReferenceId":"SystemUpdatesShouldBeInstalledOnYourMachines","policyDe
finitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{}},{"policyDefinitionReferenceId":"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{}},{"policyDefinitionReferenceId":"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{}},{"policyDefinitionReferenceId":"DiskEncryptionShouldBeAppliedOnVirtualMachines","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{}},{"policyDefinitionReferenceId":"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{}},{"policyDefinitionReferenceId":"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{}},{"policyDefinitionReferenceId":"AuditDiagnosticSetting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","parameters":{"listOfResourceTypes":{"value":"[parameters(''listOfResourceTypes'')]"}}},{"policyDefinitionReferenceId":"OnlySecureConnectionsToYo
urRedisCacheShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{}},{"policyDefinitionReferenceId":"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{}},{"policyDefinitionReferenceId":"AuditSecureTransferToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","parameters":{}},{"policyDefinitionReferenceId":"AuditSqlServerLevelAuditingSettings","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{}},{"policyDefinitionReferenceId":"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","parameters":{}},{"policyDefinitionReferenceId":"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","parameters":{}},{"policyDefinitionReferenceId":"TransparentDataEncryptionOnS
qlDatabasesShouldBeEnabled","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{}},{"policyDefinitionReferenceId":"AuditUnrestrictedNetworkAccessToStorageAccounts","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{}},{"policyDefinitionReferenceId":"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{}},{"policyDefinitionReferenceId":"AuditUsageOfCustomRBACRules","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{}},{"policyDefinitionReferenceId":"AuditVirtualMachinesWithoutDisasterRecoveryConfigured","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","parameters":{}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","parameters":{"membersToExclude":{"value":"[parameters(''membersToExclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","parameters":{"membersToInclude":{"value":"[parameters(''membersToInclude'')]"}}},{"policyDefinitionReferenceId":"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","parameters":{}},{"policyDefinitionReferenceId":"TheNsGsRulesForWebApplicationsOnIaaSShouldBeH
ardened","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{}},{"policyDefinitionReferenceId":"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","parameters":{"logAnalyticsWorkspaceId":{"value":"[parameters(''logAnalyticsWorkspaceId'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693","type":"Microsoft.Authorization/policySetDefinitions","name":"e95f5a9f-57ad-4d03-bb0b-b1d16db93693"},{"properties":{"displayName":"Audit
Windows VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","description":"This
initiative deploys the policy requirements and audits Windows virtual machines
where Windows PowerShell is not configured to use the specified PowerShell
@@ -3700,21 +4617,18 @@ interactions:
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"jilim
- ttt","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"7915382897531231755","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","parameters":{"listOfAllowedLocations":{"value":["japaneast","japanwest"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/3613bdc8-6f75-461c-a1e8-06b1fcf6905b","type":"Microsoft.Authorization/policySetDefinitions","name":"3613bdc8-6f75-461c-a1e8-06b1fcf6905b"},{"properties":{"displayName":"jilim
- set","policyType":"Custom","description":"1","metadata":{"parameterScopes":{"omsWorkspace":"/subscriptions/00000000-0000-0000-0000-000000000000","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"ALLOWEDSTORAGESKU_1":{"type":"String","metadata":{"displayName":"Strong
- type (string, av)","description":null,"strongType":"storageSkus"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"11816456642448143785","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9c1ba477-ff0c-41ea-8a5d-826c4ca18208","parameters":{"omsWorkspace":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilim/providers/microsoft.operationalinsights/workspaces/jilimabc"}}},{"policyDefinitionReferenceId":"7095696909984450251","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/e6440295-d0ac-472b-949b-1cf289618198","parameters":{"locations":{"value":["australiaeast"]},"location":{"value":"australiaeast"},"resourceGroups":{"value":["jilim"]},"resourceGroup":{"value":"jilim"},"tags":{"value":["a"]},"tag":{"value":"a"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSkus":{"value":["Standard_LRS"]},"allowedStorageSku":{"value":"[parameters(''ALLOWEDSTORAGESKU_1'')]"},"allowedTags":{"value":["FirstName"]},"allowedTag":{"value":"FirstName"}}}]},"id":"/providers/Microsoft.Management/managementGroups/PolicyUIMG/providers/Microsoft.Authorization/policySetDefinitions/482fc09c-82af-48b9-96e0-6e750f0153db","type":"Microsoft.Authorization/policySetDefinitions","name":"482fc09c-82af-48b9-96e0-6e750f0153db"},{"properties":{"displayName":"test
- init2","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9388605824103837052","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec","parameters":{"allowedLocations":{"value":["London"]}}},{"policyDefinitionReferenceId":"15255467709018494198","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/c8a0e9e0-f0e9-4d4c-8214-aace6218110e","parameters":{"allowedLocations":{"value":["London"]}}}]},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/21e27984-a6b2-43de-a786-643b7df0c0b2","type":"Microsoft.Authorization/policySetDefinitions","name":"21e27984-a6b2-43de-a786-643b7df0c0b2"},{"properties":{"displayName":"test
- init","policyType":"Custom","metadata":{"parameterScopes":{"allowedLocations":"/providers/Microsoft.Management/managementGroups/AzGovTest5","listOfAllowedSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"11677931907622429588","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660","parameters":{}},{"policyDefinitionReferenceId":"17175752026273514153","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","parameters":{"allowedLocations":{"value":["australiacentral","australiacentral2","australiaeast","australiasoutheast","brazilsouth","canadacentral","canadaeast","centralindia","centralus","eastasia","eastus","eastus2","francecentral","francesouth","global","japaneast","japanwest","koreacentral","koreasouth","northcentralus","northeurope","southcentralus","southindia","southeastasia","uksouth","ukwest","westcentralus","westeurope","westindia","westus","westus2"]}}},{"policyDefinitionReferenceId":"17602706772987440385","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203","parameters":{"listOfAllowedSKUs":{"value":["Premium_LRS"]}}},{"policyDefinitionReferenceId":"9371630468206030356","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a","parameters":{"listOfAllowedSKUs":{"value":["Standard_A8m_v2"]}}}]},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/8a3978dc-2d90-477d-91e6-8746066f9061","type":"Microsoft.Authorization/policySetDefinitions","name":"8a39
78dc-2d90-477d-91e6-8746066f9061"}]}'
+ that should not be installed. e.g. ''python; powershell''"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","parameters":{"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}}},{"policyDefinitionReferenceId":"Audit_NotInstalledApplicationLinux","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20","type":"Microsoft.Authorization/policySetDefinitions","name":"f48bcc78-5400-4fb0-b913-5140a2e5fa20"},{"properties":{"displayName":"Test
+ Modify initiative","policyType":"Custom","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-29T00:36:36.3227701Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-29T00:44:27.7479878Z"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}},{"policyDefinitionReferenceId":"2352795843478363616","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a","type":"Microsoft.Authorization/policySetDefinitions","name":"55afae72-7df0-417b-9eb7-f756576c854a"},{"properties":{"displayName":"test_policysetk7pkce","policyType":"Custom","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:10:43.6932587Z","updatedBy":null,"updatedOn":null},"policyDefinitions":[{"policyDefinitionReferenceId":"1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1","group2"]},{"policyDefinitionReferenceId":"2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","parameters":{"allowedLocations":{"value":["eastus"]}},"groupNames":["group1"]}],"policyDefinitionGroups":[{"name":"group1","displayName":"Cost
+ Savings"},{"name":"group2","displayName":"Organizational"}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policysetxi3o4a","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policysetxi3o4a"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '317329'
+ - '646602'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:34 GMT
+ - Fri, 06 Dec 2019 23:12:10 GMT
expires:
- '-1'
pragma:
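Review bot: The re-recorded list response added in this hunk still carries tenant data that the zeroed subscription id does not cover: the `createdBy`/`updatedBy` principal object ids and a custom definition name that looks like a user alias (`robgaTestModify`). The `createdBy` values in the DELETE response bodies of the next two hunks have the same problem. I would scrub these at record time the same way the subscription id is scrubbed, so the committed body reads e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"`. If the test only asserts on the definitions it created, trimming the recorded list to those entries would also stop unrelated custom initiatives from the recording tenant landing in the repository; the `content-length` of `'646602'` suggests the whole tenant listing is being stored. The response body starts outside this hunk, so this is based on the visible tail only.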
@@ -3746,26 +4660,26 @@ interactions:
ParameterSetName:
- -n --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:03.3091814Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
+ string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:32.3665105Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'
headers:
cache-control:
- no-cache
content-length:
- - '828'
+ - '804'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:34 GMT
+ - Fri, 06 Dec 2019 23:12:12 GMT
expires:
- '-1'
pragma:
@@ -3799,24 +4713,24 @@ interactions:
ParameterSetName:
- -n --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: DELETE
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-06T22:45:04.053915Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
+ string: '{"properties":{"displayName":"test_data_policy000005","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:11:33.6963766Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policy000004","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policy000004"}'
headers:
cache-control:
- no-cache
content-length:
- - '666'
+ - '755'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:45 GMT
+ - Fri, 06 Dec 2019 23:12:24 GMT
expires:
- '-1'
pragma:
@@ -3848,23 +4762,52 @@ interactions:
ParameterSetName:
- --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3872,12 +4815,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -3890,19 +4889,60 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Diagnostic
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
+ Assessment settings for SQL server should contain an email address to receive
+ scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send scan reports to'' field in
+ the Vulnerability Assessment settings. This email address receives scan result
+ summary after a periodic scan runs on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","type":"Microsoft.Authorization/policyDefinitions","name":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9"},{"properties":{"displayName":"Diagnostic
logs in Azure Data Lake Store should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit
- SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
+ Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -3921,12 +4961,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -3935,11 +4993,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -3952,13 +5049,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -3967,19 +5077,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -3989,7 +5131,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -4003,14 +5180,34 @@ interactions:
thumbprints","description":"A semicolon-separated list of certificate thumbprints
that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b249
88ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
+ subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4018,7 +5215,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4029,7 +5235,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4042,14 +5251,33 @@ interactions:
names of the applications that should be installed. e.g. ''Microsoft SQL Server
2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
(to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorization
/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
- ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4062,14 +5290,22 @@ interactions:
to exclude","description":"A semicolon-separated list of members that should
be excluded in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
- ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4077,24 +5313,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -4109,7 +5391,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -4117,21 +5408,44 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- a required tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"},{"properties":{"displayName":"An
@@ -4140,7 +5454,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4165,24 +5494,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4195,7 +5547,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -4210,33 +5564,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
+ Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Service Bus not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -4248,7 +5668,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4261,14 +5699,62 @@ interactions:
the specified tag and value when any resource which is missing this tag is
created or updated. Does not modify the tags of resources created before this
policy was applied until those resources are changed. Does not apply to resource
- groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ groups. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
+ Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any App Service not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4282,7 +5768,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -4305,14 +5819,21 @@ interactions:
https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab
88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
- ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -4320,7 +5841,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4332,42 +5859,66 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
names (supports wildcards)","description":"A semicolon-separated list of the
names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.aut
horization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
- ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4375,31 +5926,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -4448,7 +6019,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4459,33 +6033,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -4515,15 +6142,40 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Devices''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"Deploy
- default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"[Deprecated]:
+ Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the
selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
Analytics workspace","description":"Select Log Analytics workspace from dropdown
@@ -4532,22 +6184,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4577,11 +6250,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -4605,7 +6308,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4627,13 +6343,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -4642,7 +6401,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -4651,12 +6417,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4672,15 +6477,52 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
- before this policy was applied until those resource groups are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ before this policy was applied until those resource groups are changed. New
+ ''modify'' effect policies are available that support remediation of tags
+ on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -4692,66 +6534,277 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equ
als":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"[Preview]
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"Add
+ a tag to resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag and value when any resource missing this tag is created
+ or updated. Existing resources can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26","type":"Microsoft.Authorization/policyDefinitions","name":"4f9dc7db-30c1-420c-b61a-e1d640128d26"},{"properties":{"displayName":"[Preview]
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Connection
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
+ custom IPsec/IKE policy must be applied to all Azure virtual network gateway
+ connections","policyType":"BuiltIn","mode":"All","description":"This policy
+ ensures that all Azure virtual network gateway connections use a custom Internet
+ Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms
+ and key strengths - https://aka.ms/AA62kb0","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IPsecEncryption":{"type":"Array","metadata":{"displayName":"IPsec
+ Encryption","description":"IPsec Encryption"}},"IPsecIntegrity":{"type":"Array","metadata":{"displayName":"IPsec
+ Integrity","description":"IPsec Integrity"}},"IKEEncryption":{"type":"Array","metadata":{"displayName":"IKE
+ Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
+ Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
+ Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4772,14 +6825,17 @@ interactions:
so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection"
,"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
- ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4795,16 +6851,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -4816,8 +6894,14 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow
- resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
@@ -4834,11 +6918,26 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"Add
+ or replace a tag on resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value when any resource is created or updated.
+ Existing resources can be remediated by triggering a remediation task. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4846,7 +6945,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Object Access''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Storage
+ Accounts should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"anyOf":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","type":"Microsoft.Authorization/policyDefinitions","name":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4"},{"properties":{"displayName":"Show
audit results from Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -4860,19 +6963,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4880,7 +7051,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4897,16 +7085,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4918,14 +7128,42 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
workspace IDs","description":"A semicolon-separated list of the workspace
IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
- ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -4940,41 +7178,120 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploi
tGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
- ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -4982,7 +7299,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -5094,14 +7423,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -5116,7 +7467,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5124,24 +7496,75 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
+ a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ the specified tag and value when any resource group missing this tag is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -5155,12 +7578,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -5176,14 +7650,35 @@ interactions:
the Emergency Management Services (EMS) console redirection. For more information
on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialCo
nsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
- ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5192,20 +7687,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5214,14 +7735,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5232,13 +7763,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -5339,7 +7885,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -5351,7 +7925,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5369,11 +7984,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- existence of a tag. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5381,7 +8024,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -5392,24 +8046,46 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher",
"equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5423,19 +8099,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- a required tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5464,7 +8181,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5472,14 +8204,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5612,7 +8347,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5627,26 +8365,47 @@ interactions:
of a module that should be installed by including a comma after the module
name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-61
80-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
- ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5667,26 +8426,60 @@ interactions:
to include","description":"A semicolon-separated list of members that should
be included in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
- ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Allow
- resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- existence of a tag on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5694,7 +8487,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -5719,8 +8516,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Allow
- resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
@@ -5749,7 +8552,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -5766,35 +8595,111 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
of resources created before this policy was applied until those resources
- are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ are changed. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5802,14 +8707,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -5822,20 +8735,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -5844,28 +8809,63 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
activity, and gain insight into discrepancies and anomalies that could indicate
business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
- Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"DDoS
+ Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux virtual machines if the Log Analytics agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -5878,38 +8878,100 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Automatic
- provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
+ Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
and configure relevant authorization policies.","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"Allow
- resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Email
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
+ Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any SQL Server not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5919,22 +8981,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -5942,7 +9032,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -5954,13 +9050,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
TLS version","description":"The minimum TLS protocol version that should be
enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecurePro
tocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
- ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
@@ -5969,14 +9065,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -5985,7 +9096,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -5993,20 +9107,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6022,13 +9150,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
semicolon-separated list of all the expected members of the Administrators
local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b
24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
- ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Accounts''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -6036,7 +9164,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6044,7 +9202,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6093,7 +9267,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6101,7 +9282,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -6126,7 +9316,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6147,8 +9368,42 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Allow
- resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -6169,7 +9424,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -6230,13 +9487,13 @@ interactions:
Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"exi
stenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
- ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"},{"properties":{"displayName":"Show
audit results from Windows VMs on which the specified services are not installed
and ''Running''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -6244,7 +9501,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -6256,11 +9530,37 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"},{"properties":{"displayName":"[Preview]:
+ Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Container Registry not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6294,26 +9594,67 @@ interactions:
''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
- ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6321,7 +9662,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -6342,13 +9686,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -6370,11 +9714,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6393,15 +9756,31 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Allow
- resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
+ a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value from the parent resource group when
+ any resource is created or updated. Existing resources can be remediated by
+ triggering a remediation task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6412,14 +9791,45 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Enforce
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
+ or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ or replaces the specified tag and value when any resource group is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","type":"Microsoft.Authorization/policyDefinitions","name":"d157c373-a6c4-483d-aaad-570756956268"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any PostgreSQL server that is not enforcing SSL connection.
Azure Database for PostgreSQL prefers connecting your client applications
@@ -6427,11 +9837,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -6441,21 +9870,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Show
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
+ machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual machine connected to a virtual network that is not
+ approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
+ Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Event Hub not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -6467,7 +10002,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6492,9 +10043,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
+ DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Cosmos DB not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6505,18 +10073,43 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
- ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -6524,7 +10117,19 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"MFA
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
+ VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
should be enabled on accounts with read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
@@ -6572,7 +10177,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6604,14 +10215,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6631,29 +10264,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -6661,16 +10314,97 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
+ a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag with its value from the parent resource group when any resource
+ missing this tag is created or updated. Existing resources can be remediated
+ by triggering a remediation task. If the tag exists with a different value
+ it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070","type":"Microsoft.Authorization/policyDefinitions","name":"ea3f2387-9b95-492a-a190-fcdc54f7b070"},{"properties":{"displayName":"Key
+ Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Key Vault not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
+ checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_checkpoints
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_checkpoints","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d"},{"properties":{"displayName":"Log
+ connections should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_connections
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_connections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442"},{"properties":{"displayName":"Disconnections
+ should be logged for PostgreSQL database servers.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_disconnections
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_disconnections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446"},{"properties":{"displayName":"Log
+ duration should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_duration
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_duration","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3"},{"properties":{"displayName":"Deprecated
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts with owner permissions should be removed from your subscription. Deprecated
accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
@@ -6684,13 +10418,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -6702,7 +10436,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -6718,12 +10458,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
+ agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -6735,14 +10541,30 @@ interactions:
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.auth
orization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
- ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
+ networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual network if the default route does not point to the
+ specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"virtualNetworkGatewayId":{"type":"String","metadata":{"displayName":"Virtual
+ network gateway Id","description":"Resource Id of the virtual network gateway.
+ Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Network/virtualNetworks/subnets","name":"GatewaySubnet","existenceCondition":{"not":{"field":"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id","notContains":"[concat(parameters(''virtualNetworkGatewayId''),
+ ''/'')]"}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","type":"Microsoft.Authorization/policyDefinitions","name":"f1776c76-f58c-4245-a8d0-2b207198dc8b"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -6750,13 +10572,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -6768,7 +10590,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6784,7 +10623,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -6801,7 +10643,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6813,13 +10657,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
of days","description":"The number of days without restart until the machine
is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988a
c-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
- ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"},{"properties":{"displayName":"Deploy
Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Auditing is enabled on SQL Servers for enhanced security
@@ -6836,7 +10680,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6872,13 +10722,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6886,11 +10765,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -6915,20 +10803,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -6936,7 +10873,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -6946,8 +10911,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -6955,8 +10932,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -6964,8 +10958,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -6974,14 +10980,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -6991,70 +11017,141 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"jilim
- single allowed location","policyType":"Custom","mode":"All","description":"This
- policy enables you to restrict the locations your organization can specify
- when deploying resources. Use to enforce your geo-compliance requirements.
- Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and
- resources that use the ''global'' region.","metadata":{"category":"Test"},"parameters":{"allowedLocation":{"type":"String","metadata":{"displayName":"Allowed
- location","description":"The location that can be specified when deploying
- resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"location","notEquals":"[parameters(''allowedLocation'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/14bee682-2231-4113-bb3a-c067a49c6035","type":"Microsoft.Authorization/policyDefinitions","name":"14bee682-2231-4113-bb3a-c067a49c6035"},{"properties":{"displayName":"jilim
- test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-28T00:42:23.9594435Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8a333d4f-45e8-4adf-b777-0f3be1fc4663","type":"Microsoft.Authorization/policyDefinitions","name":"8a333d4f-45e8-4adf-b777-0f3be1fc4663"},{"properties":{"displayName":"VMs
- with no Managed Disk","policyType":"Custom","mode":"All","description":"Deny
- all VMs with no Managed Disk","metadata":{"category":"General"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id","notlike":"*"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/95696b24-404f-4376-a9a6-7fa8ba91e4d5","type":"Microsoft.Authorization/policyDefinitions","name":"95696b24-404f-4376-a9a6-7fa8ba91e4d5"},{"properties":{"displayName":"rohitbh
- def [2]","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-04-30T23:58:47.6628901Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/5786a43d-b79a-4f5d-a7b8-b43925a693e0","type":"Microsoft.Authorization/policyDefinitions","name":"5786a43d-b79a-4f5d-a7b8-b43925a693e0"},{"properties":{"displayName":"Azure
- KeyVault Allowed Locations","policyType":"Custom","mode":"All","description":"Azure
- KeyVault Allowed Locations","metadata":{"category":"Key Vault"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5"},{"properties":{"displayName":"[AMP
- demo] - KeyVault - Deny certificates that expire in x number of days","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"This
- policy will mark any vault containing certificates that expire within x number
- days as non-compliant. \nDrilling down to the non-compliant vault will show
- which certificates do not meet the policy requirement. ","metadata":{"category":"DataPlane","createdBy":"0d81b461-6bb0-4909-a102-d51803a7d275","createdOn":"2019-08-07T21:39:25.287951Z","updatedBy":"0d81b461-6bb0-4909-a102-d51803a7d275","updatedOn":"2019-08-07T21:53:34.3584975Z"},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
- to expire","description":"The number of days for a certificate to expire."}}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn","lessOrEquals":"[addDays(utcNow(),
- parameters(''daysToExpire''))]"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3520924f-7a65-4cbf-83e6-e2ed67bbf0da","type":"Microsoft.Authorization/policyDefinitions","name":"3520924f-7a65-4cbf-83e6-e2ed67bbf0da"},{"properties":{"displayName":"[AMP
- demo] - KeyVault - Audit RSA type certificates","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Audit
- RSA type certificates","metadata":{"category":"DataPlane","createdBy":"0d81b461-6bb0-4909-a102-d51803a7d275","createdOn":"2019-08-07T19:08:39.2161644Z","updatedBy":"0d81b461-6bb0-4909-a102-d51803a7d275","updatedOn":"2019-08-07T21:43:16.414584Z"},"parameters":{},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ab108bc4-32df-4677-8b38-fa8b2905df59","type":"Microsoft.Authorization/policyDefinitions","name":"ab108bc4-32df-4677-8b38-fa8b2905df59"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Updated
- Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"5549abd9-7aae-41fa-a276-5060abe448d5","createdOn":"2019-07-15T20:36:45.266863Z","updatedBy":"5549abd9-7aae-41fa-a276-5060abe448d5","updatedOn":"2019-07-15T20:36:46.9168436Z"},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps4472","type":"Microsoft.Authorization/policyDefinitions","name":"ps4472"},{"properties":{"policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Unit
- test junk: sorry for littering. Please delete me!","metadata":{"createdBy":"5549abd9-7aae-41fa-a276-5060abe448d5","createdOn":"2019-07-15T20:15:59.703567Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7414","type":"Microsoft.Authorization/policyDefinitions","name":"ps7414"},{"properties":{"policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Unit
- test junk: sorry for littering. Please delete me!","metadata":{"createdBy":"5549abd9-7aae-41fa-a276-5060abe448d5","createdOn":"2019-07-15T20:19:56.533839Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps8243","type":"Microsoft.Authorization/policyDefinitions","name":"ps8243"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"test_policyi2bpufgaf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:00:17.8237178Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyffg5bcs7r","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyffg5bcs7r"},{"properties":{"displayName":"test_policyem3nif7gi","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:40.6097535Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policykavffx3v6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policykavffx3v6"},{"properties":{"displayName":"test_policyxyp6wrek6","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:10:41.492753Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policysv65gfxjh"},{"properties":{"displayName":"test_policypwlcy5gtj","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:59:11.5176138Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytac4g2rrq","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytac4g2rrq"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
+ def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
+ mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
+ mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
+ mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"},{"properties":{"displayName":"test_data_policyb6lq","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:00:19.2517621Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policyb7jp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policyb7jp"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '883134'
+ - '1648124'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:56 GMT
+ - Fri, 06 Dec 2019 23:12:36 GMT
expires:
- '-1'
pragma:
@@ -7084,23 +11181,52 @@ interactions:
ParameterSetName:
- --subscription
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7108,12 +11234,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -7126,19 +11308,60 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Diagnostic
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
+ Assessment settings for SQL server should contain an email address to receive
+ scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send scan reports to'' field in
+ the Vulnerability Assessment settings. This email address receives scan result
+ summary after a periodic scan runs on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","type":"Microsoft.Authorization/policyDefinitions","name":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9"},{"properties":{"displayName":"Diagnostic
logs in Azure Data Lake Store should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit
- SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
+ Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -7157,12 +11380,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -7171,11 +11412,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -7188,13 +11468,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -7203,19 +11496,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -7225,7 +11550,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -7239,14 +11599,34 @@ interactions:
thumbprints","description":"A semicolon-separated list of certificate thumbprints
that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b249
88ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
+ subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -7254,7 +11634,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7265,7 +11654,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7278,14 +11670,33 @@ interactions:
names of the applications that should be installed. e.g. ''Microsoft SQL Server
2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
(to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorization
/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
- ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7298,14 +11709,22 @@ interactions:
to exclude","description":"A semicolon-separated list of members that should
be excluded in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
- ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7313,24 +11732,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -7345,7 +11810,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -7353,21 +11827,44 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- a required tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"},{"properties":{"displayName":"An
@@ -7376,7 +11873,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7401,24 +11913,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7431,7 +11966,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -7446,33 +11983,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
+ Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Service Bus not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -7484,7 +12087,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -7497,14 +12118,62 @@ interactions:
the specified tag and value when any resource which is missing this tag is
created or updated. Does not modify the tags of resources created before this
policy was applied until those resources are changed. Does not apply to resource
- groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ groups. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
+ Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any App Service not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -7518,7 +12187,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -7541,14 +12238,21 @@ interactions:
https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab
88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
- ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -7556,7 +12260,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7568,42 +12278,66 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
names (supports wildcards)","description":"A semicolon-separated list of the
names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.aut
horization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
- ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7611,31 +12345,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -7684,7 +12438,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7695,33 +12452,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -7751,15 +12561,40 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Devices''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"Deploy
- default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"[Deprecated]:
+ Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the
selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
Analytics workspace","description":"Select Log Analytics workspace from dropdown
@@ -7768,22 +12603,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7813,11 +12669,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -7841,7 +12727,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7863,13 +12762,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -7878,7 +12820,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -7887,12 +12836,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -7908,15 +12896,52 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
- before this policy was applied until those resource groups are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ before this policy was applied until those resource groups are changed. New
+ ''modify'' effect policies are available that support remediation of tags
+ on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -7928,66 +12953,277 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equ
als":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"[Preview]
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"Add
+ a tag to resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag and value when any resource missing this tag is created
+ or updated. Existing resources can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26","type":"Microsoft.Authorization/policyDefinitions","name":"4f9dc7db-30c1-420c-b61a-e1d640128d26"},{"properties":{"displayName":"[Preview]
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Connection
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
+ custom IPsec/IKE policy must be applied to all Azure virtual network gateway
+ connections","policyType":"BuiltIn","mode":"All","description":"This policy
+ ensures that all Azure virtual network gateway connections use a custom Internet
+ Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms
+ and key strengths - https://aka.ms/AA62kb0","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IPsecEncryption":{"type":"Array","metadata":{"displayName":"IPsec
+ Encryption","description":"IPsec Encryption"}},"IPsecIntegrity":{"type":"Array","metadata":{"displayName":"IPsec
+ Integrity","description":"IPsec Integrity"}},"IKEEncryption":{"type":"Array","metadata":{"displayName":"IKE
+ Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
+ Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
+ Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8008,14 +13244,17 @@ interactions:
so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection"
,"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
- ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8031,16 +13270,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -8052,8 +13313,14 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow
- resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
@@ -8070,11 +13337,26 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"Add
+ or replace a tag on resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value when any resource is created or updated.
+ Existing resources can be remediated by triggering a remediation task. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8082,7 +13364,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Object Access''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Storage
+ Accounts should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"anyOf":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","type":"Microsoft.Authorization/policyDefinitions","name":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4"},{"properties":{"displayName":"Show
audit results from Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -8096,19 +13382,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8116,7 +13470,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8133,16 +13504,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8154,14 +13547,42 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
workspace IDs","description":"A semicolon-separated list of the workspace
IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
- ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8176,41 +13597,120 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploi
tGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
- ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8218,7 +13718,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -8330,14 +13842,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -8352,7 +13886,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8360,24 +13915,75 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
+ a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ the specified tag and value when any resource group missing this tag is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -8391,12 +13997,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -8412,14 +14069,35 @@ interactions:
the Emergency Management Services (EMS) console redirection. For more information
on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialCo
nsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
- ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -8428,20 +14106,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8450,14 +14154,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8468,13 +14182,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -8575,7 +14304,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -8587,7 +14344,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8605,11 +14403,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- existence of a tag. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8617,7 +14443,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -8628,24 +14465,46 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher",
"equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8659,19 +14518,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- a required tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8700,7 +14600,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8708,14 +14623,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8848,7 +14766,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8863,26 +14784,47 @@ interactions:
of a module that should be installed by including a comma after the module
name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-61
80-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
- ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8903,26 +14845,60 @@ interactions:
to include","description":"A semicolon-separated list of members that should
be included in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
- ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Allow
- resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- existence of a tag on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -8930,7 +14906,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -8955,8 +14935,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Allow
- resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
@@ -8985,7 +14971,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -9002,35 +15014,111 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
of resources created before this policy was applied until those resources
- are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ are changed. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9038,14 +15126,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -9058,20 +15154,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -9080,28 +15228,63 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
activity, and gain insight into discrepancies and anomalies that could indicate
business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
- Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"DDoS
+ Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux virtual machines if the Log Analytics agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9114,38 +15297,100 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Automatic
- provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
+ Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
and configure relevant authorization policies.","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"Allow
- resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Email
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
+ Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any SQL Server not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9155,22 +15400,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -9178,7 +15451,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -9190,13 +15469,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
TLS version","description":"The minimum TLS protocol version that should be
enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecurePro
tocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
- ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
@@ -9205,14 +15484,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -9221,7 +15515,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9229,20 +15526,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9258,13 +15569,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
semicolon-separated list of all the expected members of the Administrators
local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b
24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
- ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Accounts''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -9272,7 +15583,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9280,7 +15621,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9329,7 +15686,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9337,7 +15701,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -9362,7 +15735,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9383,8 +15787,42 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Allow
- resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -9405,7 +15843,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -9466,13 +15906,13 @@ interactions:
Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"exi
stenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
- ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"},{"properties":{"displayName":"Show
audit results from Windows VMs on which the specified services are not installed
and ''Running''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -9480,7 +15920,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -9492,11 +15949,37 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"},{"properties":{"displayName":"[Preview]:
+ Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Container Registry not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9530,26 +16013,67 @@ interactions:
''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
- ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9557,7 +16081,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -9578,13 +16105,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -9606,11 +16133,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9629,15 +16175,31 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Allow
- resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
+ a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value from the parent resource group when
+ any resource is created or updated. Existing resources can be remediated by
+ triggering a remediation task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9648,14 +16210,45 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Enforce
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
+ or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ or replaces the specified tag and value when any resource group is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","type":"Microsoft.Authorization/policyDefinitions","name":"d157c373-a6c4-483d-aaad-570756956268"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any PostgreSQL server that is not enforcing SSL connection.
Azure Database for PostgreSQL prefers connecting your client applications
@@ -9663,11 +16256,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -9677,21 +16289,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Show
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
+ machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual machine connected to a virtual network that is not
+ approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
+ Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Event Hub not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -9703,7 +16421,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -9728,9 +16462,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
+ DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Cosmos DB not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9741,18 +16492,43 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
- ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -9760,7 +16536,19 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"MFA
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
+ VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
should be enabled on accounts with read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
@@ -9808,7 +16596,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9840,14 +16634,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -9867,29 +16683,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -9897,16 +16733,97 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
+ a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag with its value from the parent resource group when any resource
+ missing this tag is created or updated. Existing resources can be remediated
+ by triggering a remediation task. If the tag exists with a different value
+ it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070","type":"Microsoft.Authorization/policyDefinitions","name":"ea3f2387-9b95-492a-a190-fcdc54f7b070"},{"properties":{"displayName":"Key
+ Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Key Vault not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
+ checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_checkpoints
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_checkpoints","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d"},{"properties":{"displayName":"Log
+ connections should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_connections
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_connections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442"},{"properties":{"displayName":"Disconnections
+ should be logged for PostgreSQL database servers.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_disconnections
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_disconnections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446"},{"properties":{"displayName":"Log
+ duration should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_duration
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_duration","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3"},{"properties":{"displayName":"Deprecated
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts with owner permissions should be removed from your subscription. Deprecated
accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
@@ -9920,13 +16837,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -9938,7 +16855,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -9954,12 +16877,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
+ agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -9971,14 +16960,30 @@ interactions:
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.auth
orization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
- ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
+ networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual network if the default route does not point to the
+ specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"virtualNetworkGatewayId":{"type":"String","metadata":{"displayName":"Virtual
+ network gateway Id","description":"Resource Id of the virtual network gateway.
+ Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Network/virtualNetworks/subnets","name":"GatewaySubnet","existenceCondition":{"not":{"field":"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id","notContains":"[concat(parameters(''virtualNetworkGatewayId''),
+ ''/'')]"}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","type":"Microsoft.Authorization/policyDefinitions","name":"f1776c76-f58c-4245-a8d0-2b207198dc8b"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -9986,13 +16991,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -10004,7 +17009,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10020,7 +17042,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -10037,7 +17062,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10049,13 +17076,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
of days","description":"The number of days without restart until the machine
is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988a
c-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
- ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"},{"properties":{"displayName":"Deploy
Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Auditing is enabled on SQL Servers for enhanced security
@@ -10072,7 +17099,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10108,13 +17141,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10122,11 +17184,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -10151,20 +17222,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -10172,7 +17292,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -10182,8 +17330,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10191,8 +17351,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10200,8 +17377,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10210,14 +17399,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -10227,70 +17436,141 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"jilim
- single allowed location","policyType":"Custom","mode":"All","description":"This
- policy enables you to restrict the locations your organization can specify
- when deploying resources. Use to enforce your geo-compliance requirements.
- Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and
- resources that use the ''global'' region.","metadata":{"category":"Test"},"parameters":{"allowedLocation":{"type":"String","metadata":{"displayName":"Allowed
- location","description":"The location that can be specified when deploying
- resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"location","notEquals":"[parameters(''allowedLocation'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/14bee682-2231-4113-bb3a-c067a49c6035","type":"Microsoft.Authorization/policyDefinitions","name":"14bee682-2231-4113-bb3a-c067a49c6035"},{"properties":{"displayName":"jilim
- test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-28T00:42:23.9594435Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8a333d4f-45e8-4adf-b777-0f3be1fc4663","type":"Microsoft.Authorization/policyDefinitions","name":"8a333d4f-45e8-4adf-b777-0f3be1fc4663"},{"properties":{"displayName":"VMs
- with no Managed Disk","policyType":"Custom","mode":"All","description":"Deny
- all VMs with no Managed Disk","metadata":{"category":"General"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id","notlike":"*"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/95696b24-404f-4376-a9a6-7fa8ba91e4d5","type":"Microsoft.Authorization/policyDefinitions","name":"95696b24-404f-4376-a9a6-7fa8ba91e4d5"},{"properties":{"displayName":"rohitbh
- def [2]","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-04-30T23:58:47.6628901Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/5786a43d-b79a-4f5d-a7b8-b43925a693e0","type":"Microsoft.Authorization/policyDefinitions","name":"5786a43d-b79a-4f5d-a7b8-b43925a693e0"},{"properties":{"displayName":"Azure
- KeyVault Allowed Locations","policyType":"Custom","mode":"All","description":"Azure
- KeyVault Allowed Locations","metadata":{"category":"Key Vault"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
- locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5"},{"properties":{"displayName":"[AMP
- demo] - KeyVault - Deny certificates that expire in x number of days","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"This
- policy will mark any vault containing certificates that expire within x number
- days as non-compliant. \nDrilling down to the non-compliant vault will show
- which certificates do not meet the policy requirement. ","metadata":{"category":"DataPlane","createdBy":"0d81b461-6bb0-4909-a102-d51803a7d275","createdOn":"2019-08-07T21:39:25.287951Z","updatedBy":"0d81b461-6bb0-4909-a102-d51803a7d275","updatedOn":"2019-08-07T21:53:34.3584975Z"},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
- to expire","description":"The number of days for a certificate to expire."}}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn","lessOrEquals":"[addDays(utcNow(),
- parameters(''daysToExpire''))]"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3520924f-7a65-4cbf-83e6-e2ed67bbf0da","type":"Microsoft.Authorization/policyDefinitions","name":"3520924f-7a65-4cbf-83e6-e2ed67bbf0da"},{"properties":{"displayName":"[AMP
- demo] - KeyVault - Audit RSA type certificates","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Audit
- RSA type certificates","metadata":{"category":"DataPlane","createdBy":"0d81b461-6bb0-4909-a102-d51803a7d275","createdOn":"2019-08-07T19:08:39.2161644Z","updatedBy":"0d81b461-6bb0-4909-a102-d51803a7d275","updatedOn":"2019-08-07T21:43:16.414584Z"},"parameters":{},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ab108bc4-32df-4677-8b38-fa8b2905df59","type":"Microsoft.Authorization/policyDefinitions","name":"ab108bc4-32df-4677-8b38-fa8b2905df59"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Updated
- Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"5549abd9-7aae-41fa-a276-5060abe448d5","createdOn":"2019-07-15T20:36:45.266863Z","updatedBy":"5549abd9-7aae-41fa-a276-5060abe448d5","updatedOn":"2019-07-15T20:36:46.9168436Z"},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps4472","type":"Microsoft.Authorization/policyDefinitions","name":"ps4472"},{"properties":{"policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Unit
- test junk: sorry for littering. Please delete me!","metadata":{"createdBy":"5549abd9-7aae-41fa-a276-5060abe448d5","createdOn":"2019-07-15T20:15:59.703567Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7414","type":"Microsoft.Authorization/policyDefinitions","name":"ps7414"},{"properties":{"policyType":"Custom","mode":"Microsoft.KeyVault.Data","description":"Unit
- test junk: sorry for littering. Please delete me!","metadata":{"createdBy":"5549abd9-7aae-41fa-a276-5060abe448d5","createdOn":"2019-07-15T20:19:56.533839Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties/keyType","equals":"RSA"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps8243","type":"Microsoft.Authorization/policyDefinitions","name":"ps8243"}]}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"test_policyi2bpufgaf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:00:17.8237178Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyffg5bcs7r","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyffg5bcs7r"},{"properties":{"displayName":"test_policyem3nif7gi","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:40.6097535Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policykavffx3v6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policykavffx3v6"},{"properties":{"displayName":"test_policyxyp6wrek6","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:10:41.492753Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policysv65gfxjh","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policysv65gfxjh"},{"properties":{"displayName":"test_policypwlcy5gtj","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T22:59:11.5176138Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytac4g2rrq","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytac4g2rrq"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
+ def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
+ mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
+ mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
+ mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"},{"properties":{"displayName":"test_data_policyb6lq","policyType":"Custom","mode":"Microsoft.DataCatalog.Data","description":"desc_for_test_data_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T23:00:19.2517621Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"field":"Microsoft.DataCatalog.Data/catalog/entity/type","equals":"SomeEntityType"},"then":{"effect":"ModifyClassifications","details":{"classificationsToAdd":["foo"],"classificationsToRemove":["bar"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-data-policyb7jp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-data-policyb7jp"}]}'
headers:
cache-control:
- no-cache
content-length:
- - '883134'
+ - '1648124'
content-type:
- application/json; charset=utf-8
date:
- - Fri, 06 Sep 2019 22:45:57 GMT
+ - Fri, 06 Dec 2019 23:12:38 GMT
expires:
- '-1'
pragma:
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml
index af8c2be2971..9a3d5536e92 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml
@@ -13,23 +13,52 @@ interactions:
ParameterSetName:
- --query
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
response:
body:
- string: '{"value":[{"properties":{"displayName":"Audit virtual machines without
- disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
+ string: '{"value":[{"properties":{"displayName":"Microsoft Managed Control 1599
+ - Developer Configuration Management | Software / Firmware Integrity Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945","type":"Microsoft.Authorization/policyDefinitions","name":"0004bbf0-5099-4179-869e-e9ffe5fb0945"},{"properties":{"displayName":"Audit
+ virtual machines without disaster recovery configured","policyType":"BuiltIn","mode":"All","description":"Audit
virtual machines which do not have disaster recovery configured. To learn
more about disaster recovery, visit https://aka.ms/asr-doc.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"ASR-Protect-*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56","type":"Microsoft.Authorization/policyDefinitions","name":"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Function App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an Function app must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd","type":"Microsoft.Authorization/policyDefinitions","name":"001802d1-4969-4c82-a700-c29c6c6f9bbd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1375 - Incident Response Assistance | Automation Support For
+ Availability Of Information / Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a","type":"Microsoft.Authorization/policyDefinitions","name":"00379355-8932-4b52-b63a-3bc6daf3451a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1605 - Developer Security Testing And Evaluation | Static
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655","type":"Microsoft.Authorization/policyDefinitions","name":"0062eb8b-dc75-4718-8ea5-9bb4a9606655"},{"properties":{"displayName":"Microsoft
+ Managed Control 1142 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147","type":"Microsoft.Authorization/policyDefinitions","name":"01524fa8-4555-48ce-ba5f-c3b8dcef5147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1099 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba","type":"Microsoft.Authorization/policyDefinitions","name":"01910bab-8639-4bd0-84ef-cc53b24d79ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1285 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee","type":"Microsoft.Authorization/policyDefinitions","name":"01f7726b-db54-45c2-bcb5-9bd7a43796ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1709 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c","type":"Microsoft.Authorization/policyDefinitions","name":"025992d6-7fee-4137-9bbf-2ffc39c0686c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1052 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a","type":"Microsoft.Authorization/policyDefinitions","name":"027cae1c-ec3e-4492-9036-4168d540c42a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1034 - Least Privilege","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329","type":"Microsoft.Authorization/policyDefinitions","name":"02a5ed00-6d2e-4e97-9a98-46c32c057329"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the remote host connection status
does not match the specified one","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -37,12 +66,68 @@ interactions:
auditing Windows virtual machines on which the remote host connection status
does not match the specified one. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"SQL
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad","type":"Microsoft.Authorization/policyDefinitions","name":"02a84be7-c304-421f-9bb7-5d2c26af54ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1623 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed","type":"Microsoft.Authorization/policyDefinitions","name":"02ce1b22-412a-4528-8630-c42146f917ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1515 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211","type":"Microsoft.Authorization/policyDefinitions","name":"02dd141a-a2b2-49a7-bcbd-ca31142f6211"},{"properties":{"displayName":"Microsoft
+ Managed Control 1327 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d","type":"Microsoft.Authorization/policyDefinitions","name":"03188d8f-1ae5-4fe1-974d-2d7d32ef937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1229 - Information System Component Inventory | No Duplicate
+ Accounting Of Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d","type":"Microsoft.Authorization/policyDefinitions","name":"03752212-103c-4ab8-a306-7e813022ca9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level
+ Adjustment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d","type":"Microsoft.Authorization/policyDefinitions","name":"03996055-37a4-45a5-8b70-3f1caa45f87d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply
+ - Minimal Operational Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4","type":"Microsoft.Authorization/policyDefinitions","name":"03ad326e-d7a1-44b1-9a76-e17492efc9e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1227 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768","type":"Microsoft.Authorization/policyDefinitions","name":"03b78f5e-4877-4303-b0f4-eb6583f25768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1361 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67","type":"Microsoft.Authorization/policyDefinitions","name":"03ed3be1-7276-4452-9a5d-e4168565ac67"},{"properties":{"displayName":"Microsoft
+ Managed Control 1594 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9","type":"Microsoft.Authorization/policyDefinitions","name":"042ba2a1-8bb8-45f4-b080-c78cf62b90e9"},{"properties":{"displayName":"SQL
managed instance TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/managedInstances/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260","type":"Microsoft.Authorization/policyDefinitions","name":"048248b0-55cd-46da-b1ff-39efd52db260"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Linux virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1572 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36","type":"Microsoft.Authorization/policyDefinitions","name":"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
@@ -55,19 +140,60 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Diagnostic
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Microsoft
+ Managed Control 1331 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4","type":"Microsoft.Authorization/policyDefinitions","name":"05460fe2-301f-4ed1-8174-d62c8bb92ff4"},{"properties":{"displayName":"Vulnerability
+ Assessment settings for SQL server should contain an email address to receive
+ scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send scan reports to'' field in
+ the Vulnerability Assessment settings. This email address receives scan result
+ summary after a periodic scan runs on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","type":"Microsoft.Authorization/policyDefinitions","name":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9"},{"properties":{"displayName":"Diagnostic
logs in Azure Data Lake Store should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit
- SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate
+ Physical Systems / Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0","type":"Microsoft.Authorization/policyDefinitions","name":"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1223 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a","type":"Microsoft.Authorization/policyDefinitions","name":"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1640 - Transmission Confidentiality And Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0","type":"Microsoft.Authorization/policyDefinitions","name":"05a289ce-6a20-4b75-a0f3-dc8601b6acd0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1420 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404","type":"Microsoft.Authorization/policyDefinitions","name":"05ae08cc-a282-413b-90c7-21a2c60b8404"},{"properties":{"displayName":"Microsoft
+ Managed Control 1658 - Secure Name / Address Resolution Service (Recursive
+ Or Caching Resolver)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098","type":"Microsoft.Authorization/policyDefinitions","name":"063b540e-4bdc-4e7a-a569-3a42ddf22098"},{"properties":{"displayName":"Microsoft
+ Managed Control 1688 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f","type":"Microsoft.Authorization/policyDefinitions","name":"063c3f09-e0f0-4587-8fd5-f4276fae675f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1332 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a","type":"Microsoft.Authorization/policyDefinitions","name":"068260be-a5e6-4b0a-a430-cd27071c226a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1455 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a","type":"Microsoft.Authorization/policyDefinitions","name":"068a88d4-e520-434e-baf0-9005a8164e6a"},{"properties":{"displayName":"[Deprecated]:
+ Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit
VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"CORS
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1366 - Incident Handling | Information Correlation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc","type":"Microsoft.Authorization/policyDefinitions","name":"06c45c30-ae44-4f0f-82be-41331da911cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated
+ Proxy Servers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a","type":"Microsoft.Authorization/policyDefinitions","name":"07557aa0-e02f-4460-9a81-8ecd2fed601a"},{"properties":{"displayName":"CORS
should not allow every resource to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your Function
app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
@@ -86,12 +212,30 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Deprecated]:
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1583 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d","type":"Microsoft.Authorization/policyDefinitions","name":"0882d488-8e80-4466-bc0f-0cd15b6cb66d"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"},{"properties":{"displayName":"Network
Security Group Rules for Internet facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
Security Center analyzes the traffic patterns of Internet facing virtual machines
and provides Network Security Group rule recommendations that reduce the potential
@@ -100,11 +244,50 @@ interactions:
should be more than one owner assigned to your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate more than one subscription owner in order to have
administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Disk
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1159 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795","type":"Microsoft.Authorization/policyDefinitions","name":"0925f098-7877-450b-8ba4-d1e55f2d8795"},{"properties":{"displayName":"Disk
encryption should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs
without an enabled disk encryption will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1302 - Identification And Authentication (Org. Users) | Network
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da","type":"Microsoft.Authorization/policyDefinitions","name":"09828c65-e323-422b-9774-9d5c646124da"},{"properties":{"displayName":"Configure
+ backup on VMs of a location to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"},{"properties":{"displayName":"Microsoft
+ Managed Control 1654 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b","type":"Microsoft.Authorization/policyDefinitions","name":"0a2ee16e-ab1f-414a-800b-d1608835862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9","type":"Microsoft.Authorization/policyDefinitions","name":"0a560d32-8075-4fec-9615-9f7c853f4ea9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1428 - Media Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7","type":"Microsoft.Authorization/policyDefinitions","name":"0a77fcc7-b8d8-451a-ab52-56197913c0c7"},{"properties":{"displayName":"Audit
resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -117,13 +300,26 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":
{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Email
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"},{"properties":{"displayName":"Microsoft
+ Managed Control 1044 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90","type":"Microsoft.Authorization/policyDefinitions","name":"0abbac52-57cf-450d-8408-1208d0dd9e90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311","type":"Microsoft.Authorization/policyDefinitions","name":"0afce0b3-dd9f-42bb-af28-1e4284ba8311"},{"properties":{"displayName":"Email
notification to subscription owner for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the subscription owner, in order to have them
receive security alert emails from Microsoft. This ensures that they are aware
of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Key
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a","type":"Microsoft.Authorization/policyDefinitions","name":"0b1aa965-7502-41f9-92be-3e2fe7cc392a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1020 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce","type":"Microsoft.Authorization/policyDefinitions","name":"0b291ee8-3140-4cad-beb7-568c077c78ce"},{"properties":{"displayName":"Key
Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits if key vault objects are not recoverable. Soft Delete feature
helps to effectively hold the resources for a given retention period (90 days)
@@ -132,19 +328,51 @@ interactions:
state cannot be purged until the retention period of 90 days has passed. These
vaults and objects can still be recovered, assuring customers that the retention
policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"SQL
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"},{"properties":{"displayName":"Microsoft
+ Managed Control 1115 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d","type":"Microsoft.Authorization/policyDefinitions","name":"0b653845-2ad9-4e09-a4f3-5a7c1d78353d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1239 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879","type":"Microsoft.Authorization/policyDefinitions","name":"0be51298-f643-4556-88af-d7db90794879"},{"properties":{"displayName":"Ensure
+ API app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"},{"properties":{"displayName":"Microsoft
+ Managed Control 1496 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8","type":"Microsoft.Authorization/policyDefinitions","name":"0ca96127-2f87-46ab-a4fc-0d2a786df1c8"},{"properties":{"displayName":"SQL
server TDE protector should be encrypted with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
Data Encryption (TDE) with your own key support provides increased transparency
and control over the TDE Protector, increased security with an HSM-backed
external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1518 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815","type":"Microsoft.Authorization/policyDefinitions","name":"0d58f734-c052-40e9-8b2f-a1c2bff0b815"},{"properties":{"displayName":"Microsoft
+ Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity
+ Checks","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0","type":"Microsoft.Authorization/policyDefinitions","name":"0d87c70b-5012-48e9-994b-e70dd4b8def0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1466 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451","type":"Microsoft.Authorization/policyDefinitions","name":"0d943a9c-a6f1-401f-a792-740cdb09c451"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which Windows Defender Exploit Guard
is not enabled","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which Windows Defender Exploit Guard is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","
equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"},{"properties":{"displayName":"Managed
+ identity should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1718 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17","type":"Microsoft.Authorization/policyDefinitions","name":"0dced7ab-9ce5-4137-93aa-14c13e06ab17"},{"properties":{"displayName":"[Preview]:
Authorized IP ranges should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
access to the Kubernetes Service Management API by granting API access only
to IP addresses in specific ranges. It is recommended to limit access to authorized
@@ -154,7 +382,42 @@ interactions:
debugging should be turned off for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an function app. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1601 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e","type":"Microsoft.Authorization/policyDefinitions","name":"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1476 - Fire Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7","type":"Microsoft.Authorization/policyDefinitions","name":"0f3c4ac2-3e35-4906-a80b-473b12a622d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1204 - Access Restrictions For Change | Review System Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665","type":"Microsoft.Authorization/policyDefinitions","name":"0f4f6750-d1ab-4a4c-8dfd-af3237682665"},{"properties":{"displayName":"Microsoft
+ Managed Control 1430 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234","type":"Microsoft.Authorization/policyDefinitions","name":"0f559588-5e53-4b14-a7c4-85d28ebc2234"},{"properties":{"displayName":"Microsoft
+ Managed Control 1574 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9","type":"Microsoft.Authorization/policyDefinitions","name":"0f935dab-83d6-47b8-85ef-68b8584161b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1164 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310","type":"Microsoft.Authorization/policyDefinitions","name":"0fb8d3ce-9e96-481c-9c68-88d4e3019310"},{"properties":{"displayName":"Microsoft
+ Managed Control 1017 - Account Management | Inactivity Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e","type":"Microsoft.Authorization/policyDefinitions","name":"0fc3db37-e59a-48c1-84e9-1780cedb409e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1087 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583","type":"Microsoft.Authorization/policyDefinitions","name":"100c82ba-42e9-4d44-a2ba-94b209248583"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not contain the specified
certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs that
@@ -168,14 +431,34 @@ interactions:
thumbprints","description":"A semicolon-separated list of certificate thumbprints
that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b249
88ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1554 - Vulnerability Scanning | Discoverable Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca","type":"Microsoft.Authorization/policyDefinitions","name":"10984b4e-c93e-48d7-bf20-9c03b04e9eca"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Function
+ App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"},{"properties":{"displayName":"Custom
+ subscription owner roles should not exist","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1230 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071","type":"Microsoft.Authorization/policyDefinitions","name":"11158848-f679-4e9b-aa7b-9fb07d945071"},{"properties":{"displayName":"Microsoft
+ Managed Control 1432 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b","type":"Microsoft.Authorization/policyDefinitions","name":"1140e542-b80d-4048-af45-3f7245be274b"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -183,7 +466,16 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]:
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1655 - Voice Over Internet Protocol","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b","type":"Microsoft.Authorization/policyDefinitions","name":"121eab72-390e-4629-a7e2-6d6184f57c6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1681 - Malicious Code Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a","type":"Microsoft.Authorization/policyDefinitions","name":"12623e7e-4736-4b2e-b776-c1600f35f93a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1240 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429","type":"Microsoft.Authorization/policyDefinitions","name":"129eb39f-d79a-4503-84cd-92f036b5e429"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -194,7 +486,10 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value"
:"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1666 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e","type":"Microsoft.Authorization/policyDefinitions","name":"12e30ee3-61e6-4509-8302-a871e8ebb91e"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -207,14 +502,33 @@ interactions:
names of the applications that should be installed. e.g. ''Microsoft SQL Server
2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
(to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorization
/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
- ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Deploy
+ ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1347 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of PIV Creds. From Other Agys.","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462","type":"Microsoft.Authorization/policyDefinitions","name":"131a2706-61e9-4916-a164-00e052056462"},{"properties":{"displayName":"Microsoft
+ Managed Control 1450 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01","type":"Microsoft.Authorization/policyDefinitions","name":"134d7a13-ba3e-41e2-b236-91bfcfa24e01"},{"properties":{"displayName":"Microsoft
+ Managed Control 1184 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20","type":"Microsoft.Authorization/policyDefinitions","name":"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20"},{"properties":{"displayName":"Microsoft
+ Managed Control 1085 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba","type":"Microsoft.Authorization/policyDefinitions","name":"13d117e0-38b0-4bbb-aaab-563be5dd10ba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1404 - Maintenance Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b","type":"Microsoft.Authorization/policyDefinitions","name":"13d8f903-0cd6-449f-a172-50f6579c182b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1695 - Information System Monitoring | Wireless Intrusion
+ Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620","type":"Microsoft.Authorization/policyDefinitions","name":"13fcf812-ec82-4eda-9b89-498de9efd620"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs in which the Administrators group contains
any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -227,14 +541,22 @@ interactions:
to exclude","description":"A semicolon-separated list of members that should
be excluded in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
- ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"},{"properties":{"displayName":"Microsoft
+ Managed Control 1157 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a","type":"Microsoft.Authorization/policyDefinitions","name":"15495367-cf68-464c-bbc3-f53ca5227b7a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1491 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b","type":"Microsoft.Authorization/policyDefinitions","name":"1571dd40-dafc-4ef4-8f55-16eba27efc7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1564 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801","type":"Microsoft.Authorization/policyDefinitions","name":"157f0ef9-143f-496d-b8f9-f8c8eeaad801"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a minimum password
age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -242,24 +564,70 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Show
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Microsoft
+ Managed Control 1662 - Fail In Known State","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15","type":"Microsoft.Authorization/policyDefinitions","name":"165cb91f-7ea8-4ab7-beaf-8636b98c9d15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1684 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf","type":"Microsoft.Authorization/policyDefinitions","name":"16bfdb59-db38-47a5-88a9-2e9371a638cf"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
modules installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not have the specified Windows PowerShell
modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Transparent
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1103 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d","type":"Microsoft.Authorization/policyDefinitions","name":"16feeb31-6377-437e-bbab-d7f73911896d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1007 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add","type":"Microsoft.Authorization/policyDefinitions","name":"17200329-bf6c-46d8-ac6d-abf4641c2add"},{"properties":{"displayName":"Microsoft
+ Managed Control 1349 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Approved Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34","type":"Microsoft.Authorization/policyDefinitions","name":"17641f70-94cd-4a5d-a613-3d1143e20e34"},{"properties":{"displayName":"Deploy
+ associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"},{"properties":{"displayName":"Transparent
Data Encryption on SQL databases should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Azure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Microsoft
+ Managed Control 1325 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19","type":"Microsoft.Authorization/policyDefinitions","name":"1845796a-7581-49b2-ae20-443121538e19"},{"properties":{"displayName":"Microsoft
+ Managed Control 1480 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f","type":"Microsoft.Authorization/policyDefinitions","name":"18a767cc-1947-4338-a240-bc058c81164f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1369 - Incident Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed","type":"Microsoft.Authorization/policyDefinitions","name":"18cc35ed-a429-486d-8d59-cb47e87304ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1269 - Alternate Storage Site | Separation From Primary Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66","type":"Microsoft.Authorization/policyDefinitions","name":"19b9439d-865d-4474-b17d-97d2702fdb66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1071 - Wireless Access | Restrict Configurations By Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4","type":"Microsoft.Authorization/policyDefinitions","name":"1a437f5b-9ad6-4f28-8861-de404d511ae4"},{"properties":{"displayName":"Azure
Monitor log profile should collect logs for categories ''write,'' ''delete,''
and ''action''","policyType":"BuiltIn","mode":"All","description":"This policy
ensures that a log profile collects logs for categories ''write,'' ''delete,''
@@ -274,7 +642,16 @@ interactions:
SQL managed instances which do not have recurring vulnerability assessment
scans enabled. Vulnerability assessment can discover, track, and help you
remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
and the agent is not installed. The list of OS images will be updated over
@@ -282,21 +659,44 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf"
:[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Virtual
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31","type":"Microsoft.Authorization/policyDefinitions","name":"1ca29e41-34ec-4e70-aba9-6248aca18c31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b","type":"Microsoft.Authorization/policyDefinitions","name":"1cb067d5-c8b5-4113-a7ee-0a493633924b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1592 - External Information System Services | Consistent Interests
+ Of Consumers And Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222","type":"Microsoft.Authorization/policyDefinitions","name":"1d01ba6c-289f-42fd-a408-494b355b6222"},{"properties":{"displayName":"Microsoft
+ Managed Control 1088 - Security Awareness And Training Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783","type":"Microsoft.Authorization/policyDefinitions","name":"1d50f99d-1356-49c0-934a-45f742ba7783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1538 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874","type":"Microsoft.Authorization/policyDefinitions","name":"1d7658b2-e827-49c3-a2ae-6d2bd0b45874"},{"properties":{"displayName":"Virtual
machines should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your virtual machines to provide security enhancements
such as: stronger access control (RBAC), better auditing, ARM-based deployment
and governance, access to managed identities, access to key vault for secrets,
Azure AD-based authentication and support for tags and resource groups for
easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"[Deprecated]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1298 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee","type":"Microsoft.Authorization/policyDefinitions","name":"1dc784b5-4895-4d27-9d40-a06b032bd1ee"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1595 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341","type":"Microsoft.Authorization/policyDefinitions","name":"1e0414e7-6ef5-4182-8076-aa82fbb53341"},{"properties":{"displayName":"Require
tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- a required tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"},{"properties":{"displayName":"An
@@ -305,7 +705,22 @@ interactions:
to enable Azure AD authentication. Azure AD authentication enables simplified
permission management and centralized identity management of database users
and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -330,24 +745,47 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"The
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"},{"properties":{"displayName":"Microsoft
+ Managed Control 1616 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929","type":"Microsoft.Authorization/policyDefinitions","name":"2006457a-48b3-4f7b-8d2e-1532287f9929"},{"properties":{"displayName":"Microsoft
+ Managed Control 1650 - Public Key Infrastructure Certificates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7","type":"Microsoft.Authorization/policyDefinitions","name":"201d3740-bd16-4baf-b4b8-7cda352228b7"},{"properties":{"displayName":"The
NSGs rules for web applications on IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
security center has discovered that some of your virtual machines are running
web applications, and the NSGs associated to these virtual machines are overly
permissive with regards to the web application ports","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9","type":"Microsoft.Authorization/policyDefinitions","name":"21839937-d241-4fa5-95c6-b669253d9ab9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1111 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b","type":"Microsoft.Authorization/policyDefinitions","name":"21de687c-f15e-4e51-bf8d-f35c8619965b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1596 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8","type":"Microsoft.Authorization/policyDefinitions","name":"21e25e01-0ae0-41be-919e-04ce92b8e8b8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Audit''","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Audit''. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2
1e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Authorization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1426 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a","type":"Microsoft.Authorization/policyDefinitions","name":"21f639bc-f42b-46b1-8f40-7a2a389c291a"},{"properties":{"displayName":"[Deprecated]:
Audit API Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a API app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1399 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3","type":"Microsoft.Authorization/policyDefinitions","name":"2256e638-eb23-480f-9e15-6cf1af0a76b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a","type":"Microsoft.Authorization/policyDefinitions","name":"22589a07-0007-486a-86ca-95355081ae2a"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -360,7 +798,9 @@ interactions:
remote management ports are exposing your VM to a high level of risk from
Internet-based attacks. These attacks attempt to brute force credentials to
gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Only
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"},{"properties":{"displayName":"Microsoft
+ Managed Control 1493 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce","type":"Microsoft.Authorization/policyDefinitions","name":"22b469b3-fccf-42da-aa3b-a28e6fb113ce"},{"properties":{"displayName":"Only
secure connections to your Redis Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of only connections via SSL to Redis Cache. Use of secure connections
ensures authentication between the server and the service and protects data
@@ -375,33 +815,99 @@ interactions:
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1256 - Contingency Plan | Identify Critical Assets","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980","type":"Microsoft.Authorization/policyDefinitions","name":"232ab24b-810b-4640-9019-74a7d0d6a980"},{"properties":{"displayName":"Service
+ Bus should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Service Bus not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"},{"properties":{"displayName":"Microsoft
+ Managed Control 1268 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5","type":"Microsoft.Authorization/policyDefinitions","name":"23f6e984-3053-4dfc-ab48-543b764781f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57","type":"Microsoft.Authorization/policyDefinitions","name":"243ec95e-800c-49d4-ba52-1fdd9f6b8b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1231 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d","type":"Microsoft.Authorization/policyDefinitions","name":"244e0c05-cc45-4fe7-bf36-42dcf01f457d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1082 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23","type":"Microsoft.Authorization/policyDefinitions","name":"24d480ef-11a0-4b1b-8e70-4e023bf2be23"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a maximum password age
of 70 days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a maximum password age of 70 days. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Endpoint
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1372 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726","type":"Microsoft.Authorization/policyDefinitions","name":"25b96717-c912-4c00-9143-4e487f411726"},{"properties":{"displayName":"Microsoft
+ Managed Control 1038 - Least Privilege | Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e","type":"Microsoft.Authorization/policyDefinitions","name":"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e"},{"properties":{"displayName":"Endpoint
protection solution should be installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the existence and health of an endpoint protection solution on your virtual
machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Metric
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1649 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b","type":"Microsoft.Authorization/policyDefinitions","name":"26d292cc-b0b8-4c29-9337-68abc758bf7b"},{"properties":{"displayName":"Metric
alert rules should be configured on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
configuration of metric alert rules on Batch account to enable the required
metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1396 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f","type":"Microsoft.Authorization/policyDefinitions","name":"276af98f-4ff9-4e69-99fb-c9b2452fb85f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1074 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a","type":"Microsoft.Authorization/policyDefinitions","name":"27a69937-af92-4198-9b86-08d355c7e59a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1527 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67","type":"Microsoft.Authorization/policyDefinitions","name":"2823de66-332f-4bfd-94a3-3eb036cd3b67"},{"properties":{"displayName":"Deploy
default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys a Microsoft IaaSAntimalware extension with a default configuration
when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
@@ -413,7 +919,25 @@ interactions:
whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"[Preview]:
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899","type":"Microsoft.Authorization/policyDefinitions","name":"283a4e29-69d5-4c94-b99e-29acf003c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1436 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574","type":"Microsoft.Authorization/policyDefinitions","name":"28aab8b4-74fd-4b7c-9080-5a7be525d574"},{"properties":{"displayName":"Microsoft
+ Managed Control 1224 - Information System Component Inventory | Updates During
+ Installations / Removals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82","type":"Microsoft.Authorization/policyDefinitions","name":"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82"},{"properties":{"displayName":"Microsoft
+ Managed Control 1148 - Security Assessments | Independent Assessors","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902","type":"Microsoft.Authorization/policyDefinitions","name":"28e62650-c7c2-4786-bdfa-17edc1673902"},{"properties":{"displayName":"Microsoft
+ Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713","type":"Microsoft.Authorization/policyDefinitions","name":"28e633fd-284e-4ea7-88b4-02ca157ed713"},{"properties":{"displayName":"Microsoft
+ Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2","type":"Microsoft.Authorization/policyDefinitions","name":"292a7c44-37fa-4c68-af7c-9d836955ded2"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -426,14 +950,62 @@ interactions:
the specified tag and value when any resource which is missing this tag is
created or updated. Does not modify the tags of resources created before this
policy was applied until those resources are changed. Does not apply to resource
- groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ groups. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Unattached
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"Microsoft
+ Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7","type":"Microsoft.Authorization/policyDefinitions","name":"2a39ac75-622b-4c88-9a3f-45b7373f7ef7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1274 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210","type":"Microsoft.Authorization/policyDefinitions","name":"2aee175f-cd16-4825-939a-a85349d96210"},{"properties":{"displayName":"Microsoft
+ Managed Control 1603 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac","type":"Microsoft.Authorization/policyDefinitions","name":"2b909c26-162f-47ce-8e15-0c1f55632eac"},{"properties":{"displayName":"Managed
+ identity should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"},{"properties":{"displayName":"Microsoft
+ Managed Control 1434 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f","type":"Microsoft.Authorization/policyDefinitions","name":"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2","type":"Microsoft.Authorization/policyDefinitions","name":"2c251a55-31eb-4e53-99c6-e9c43c393ac2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1388 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55","type":"Microsoft.Authorization/policyDefinitions","name":"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1344 - Authenticator Feedback","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e","type":"Microsoft.Authorization/policyDefinitions","name":"2c895fe7-2d8e-43a2-838c-3a533a5b355e"},{"properties":{"displayName":"Unattached
disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1593 - External Information System Services | Processing,
+ Storage, And Service Location","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa","type":"Microsoft.Authorization/policyDefinitions","name":"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1546 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1","type":"Microsoft.Authorization/policyDefinitions","name":"2ce1ea7e-4038-4e53-82f4-63e8859333c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1414 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6","type":"Microsoft.Authorization/policyDefinitions","name":"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1679 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88","type":"Microsoft.Authorization/policyDefinitions","name":"2cf42a28-193e-41c5-98df-7688e7ef0a88"},{"properties":{"displayName":"Microsoft
+ Managed Control 1068 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c","type":"Microsoft.Authorization/policyDefinitions","name":"2d045bca-a0fd-452e-9f41-4ec33769717c"},{"properties":{"displayName":"App
+ Service should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any App Service not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1704 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429","type":"Microsoft.Authorization/policyDefinitions","name":"2d44b6fa-1134-4ea6-ad4e-9edb68f65429"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not store passwords using reversible
encryption","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -447,7 +1019,35 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that allow remote connections from accounts
without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Deprecated]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1077 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79","type":"Microsoft.Authorization/policyDefinitions","name":"2dad3668-797a-412e-a798-07d3849a7a79"},{"properties":{"displayName":"Microsoft
+ Managed Control 1149 - Security Assessments | Specialized Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d","type":"Microsoft.Authorization/policyDefinitions","name":"2e1b855b-a013-481a-aeeb-2bcb129fd35d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1497 - System Security Plan | Plan / Coordinate With Other
+ Organizational Entities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22","type":"Microsoft.Authorization/policyDefinitions","name":"2e3c5583-1729-4d36-8771-59c32f090a22"},{"properties":{"displayName":"Microsoft
+ Managed Control 1000 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406","type":"Microsoft.Authorization/policyDefinitions","name":"2ef3cc79-733e-48ed-ab6f-7bf439e9b406"},{"properties":{"displayName":"Microsoft
+ Managed Control 1519 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098","type":"Microsoft.Authorization/policyDefinitions","name":"2f13915a-324c-4ab8-b45c-2eefeeefb098"},{"properties":{"displayName":"[Preview]:
+ Network traffic data collection agent should be installed on Windows virtual
+ machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1144 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51","type":"Microsoft.Authorization/policyDefinitions","name":"2fa15ff1-a693-4ee4-b094-324818dc9a51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1090 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1","type":"Microsoft.Authorization/policyDefinitions","name":"2fb740e5-cbc7-4d10-8686-d1bf826652b1"},{"properties":{"displayName":"[Deprecated]:
Web Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
@@ -470,14 +1070,21 @@ interactions:
https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab
88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
- ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07","type":"Microsoft.Authorization/policyDefinitions","name":"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07"},{"properties":{"displayName":"Microsoft
+ Managed Control 1698 - Information System Monitoring | Individuals Posing
+ Greater Risk","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119","type":"Microsoft.Authorization/policyDefinitions","name":"31b752c1-05a9-432a-8fce-c39b56550119"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if the VM Image (OS) is not in the list defined and the
agent is not installed. The list of OS images will be updated over time as
@@ -485,7 +1092,13 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Deploy
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1587 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c","type":"Microsoft.Authorization/policyDefinitions","name":"32820956-9c6d-4376-934c-05cd8525be7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1333 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594","type":"Microsoft.Authorization/policyDefinitions","name":"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs on which the specified services are not
installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -497,42 +1110,66 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
names (supports wildcards)","description":"A semicolon-separated list of the
names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.aut
horization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
- ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"},{"properties":{"displayName":"Microsoft
+ Managed Control 1445 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37","type":"Microsoft.Authorization/policyDefinitions","name":"32d07d59-2716-4972-b37b-214a67ac4a37"},{"properties":{"displayName":"Microsoft
+ Managed Control 1282 - Telecommunications Services | Single Points Of Failure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a","type":"Microsoft.Authorization/policyDefinitions","name":"34042a97-ec6d-4263-93d2-8c1c46823b2a"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have accounts without passwords. It also creates a system-assigned managed
identity and deploys the VM extension for Guest Configuration. This policy
should only be used along with its corresponding audit policy in an initiative.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1151 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca","type":"Microsoft.Authorization/policyDefinitions","name":"347e3b69-7fb7-47df-a8ef-71a1a7b44bca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1412 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764","type":"Microsoft.Authorization/policyDefinitions","name":"3492d949-0dbb-4589-88b3-7b59601cc764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1475 - Emergency Lighting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501","type":"Microsoft.Authorization/policyDefinitions","name":"34a63848-30cf-4081-937e-ce1a1c885501"},{"properties":{"displayName":"Microsoft
+ Managed Control 1060 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b","type":"Microsoft.Authorization/policyDefinitions","name":"34a987fd-2003-45de-a120-014956581f2b"},{"properties":{"displayName":"Audit
unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
unrestricted network access in your storage account firewall settings. Instead,
configure network rules so only applications from allowed networks can access
the storage account. To allow connections from specific internet or on-premise
clients, access can be granted to traffic from specific Azure virtual networks
or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1341 - Authenticator Management | Multiple Information System
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35","type":"Microsoft.Authorization/policyDefinitions","name":"34cb7e92-fe4c-4826-b51e-8cd203fa5d35"},{"properties":{"displayName":"Diagnostic
logs in Logic Apps should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1210 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8","type":"Microsoft.Authorization/policyDefinitions","name":"3502c968-c490-4570-8167-1476f955e9b8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have a maximum password
age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -540,31 +1177,51 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"CORS
should not allow every resource to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your API app.
Allow only required domains to interact with your API app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Gateway
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution
+ Service","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8","type":"Microsoft.Authorization/policyDefinitions","name":"35a4102f-a778-4a2e-98c2-971056288df8"},{"properties":{"displayName":"Gateway
subnets should not be configured with a network security group","policyType":"BuiltIn","mode":"All","description":"This
policy denies if a gateway subnet is configured with a network security group.
Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Deploy
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"},{"properties":{"displayName":"Microsoft
+ Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From
+ Executing Privileged Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455","type":"Microsoft.Authorization/policyDefinitions","name":"361a77f6-0f9c-4748-8eec-bc13aaaa2455"},{"properties":{"displayName":"Deploy
Advanced Threat Protection on Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Automation
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1313 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510","type":"Microsoft.Authorization/policyDefinitions","name":"36220f5b-79a1-4cdb-8c74-2d2449f9a510"},{"properties":{"displayName":"Microsoft
+ Managed Control 1630 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0","type":"Microsoft.Authorization/policyDefinitions","name":"3643717a-3897-4bfd-8530-c7c96b26b2a0"},{"properties":{"displayName":"Automation
account variables should be encrypted","policyType":"BuiltIn","mode":"All","description":"It
is important to enable encryption of Automation account variable assets when
storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Microsoft
+ Managed Control 1339 - Authenticator Management | Protection Of Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0","type":"Microsoft.Authorization/policyDefinitions","name":"367ae386-db7f-4167-b672-984ff86277c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1685 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53","type":"Microsoft.Authorization/policyDefinitions","name":"36b0ef30-366f-4b1b-8652-a3511df11f53"},{"properties":{"displayName":"Deploy
Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"[Preview]:
@@ -613,7 +1270,10 @@ interactions:
clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
security: Minimum session security for NTLM SSP based (including secure RPC)
servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5","type":"Microsoft.Authorization/policyDefinitions","name":"36fbe499-f2f2-41b6-880e-52d7ea1d94a5"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -624,33 +1284,86 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Storage
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1624 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684","type":"Microsoft.Authorization/policyDefinitions","name":"37d079e3-d6aa-4263-a069-dd7ac6dd9684"},{"properties":{"displayName":"Storage
accounts should be migrated to new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
new Azure Resource Manager for your storage accounts to provide security enhancements
such as: stronger access control (RBAC), better auditing, Azure Resource Manager
based deployment and governance, access to managed identities, access to key
vault for secrets, Azure AD-based authentication and support for tags and
resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Diagnostic
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Microsoft
+ Managed Control 1335 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a","type":"Microsoft.Authorization/policyDefinitions","name":"382016f3-d4ba-4e15-9716-55077ec4dc2a"},{"properties":{"displayName":"Diagnostic
logs in IoT Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Advanced
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1081 - Information Sharing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf","type":"Microsoft.Authorization/policyDefinitions","name":"3867f2a9-23bb-4729-851f-c3ad98580caf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1522 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9","type":"Microsoft.Authorization/policyDefinitions","name":"38b470cc-f939-4a15-80e0-9f0c74f2e2c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae","type":"Microsoft.Authorization/policyDefinitions","name":"38dfd8a3-5290-4099-88b7-4081f4c4d8ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1397 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b","type":"Microsoft.Authorization/policyDefinitions","name":"391af4ab-1117-46b9-b2c7-78bbd5cd995b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da","type":"Microsoft.Authorization/policyDefinitions","name":"391ff8b3-afed-405e-9f7d-ef2f8168d5da"},{"properties":{"displayName":"Advanced
data security settings for SQL managed instance should contain an email address
to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1232 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272","type":"Microsoft.Authorization/policyDefinitions","name":"396ba986-eac1-4d6d-85c4-d3fda6b78272"},{"properties":{"displayName":"Microsoft
+ Managed Control 1246 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753","type":"Microsoft.Authorization/policyDefinitions","name":"398eb61e-8111-40d5-a0c9-003df28f1753"},{"properties":{"displayName":"FTPS
+ only should be required in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1680 - Malicious Code Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38","type":"Microsoft.Authorization/policyDefinitions","name":"399cd6ee-0e18-41db-9dea-cde3bd712f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1228 - Information System Component Inventory | Accountability
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764","type":"Microsoft.Authorization/policyDefinitions","name":"39c54140-5902-4079-8bb5-ad31936fe764"},{"properties":{"displayName":"Microsoft
+ Managed Control 1039 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9","type":"Microsoft.Authorization/policyDefinitions","name":"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1648 - Collaborative Computing Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32","type":"Microsoft.Authorization/policyDefinitions","name":"3a9eb14b-495a-4ebb-933c-ce4ef5264e32"},{"properties":{"displayName":"Microsoft
+ Managed Control 1315 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454","type":"Microsoft.Authorization/policyDefinitions","name":"3aa87116-f1a1-4edb-bfbf-14e036f8d454"},{"properties":{"displayName":"[Preview]:
Pod Security Policies should be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
Pod Security Policies to reduce the attack vector by removing unnecessary
application privileges. It is recommended to configure Pod Security Policies
to only allow pods to access the resources which they have permissions to
access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1548 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb","type":"Microsoft.Authorization/policyDefinitions","name":"3afe6c78-6124-4d95-b85c-eb8c0c9539cb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee","type":"Microsoft.Authorization/policyDefinitions","name":"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1003 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d","type":"Microsoft.Authorization/policyDefinitions","name":"3b68b179-3704-4ff7-b51d-7d65374d165d"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
list defined and the agent is not installed. The list of OS images will be
@@ -680,15 +1393,40 @@ interactions:
in security configuration on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
the OS vulnerabilities on your virtual machine scale sets to protect them
from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1621 - Resource Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538","type":"Microsoft.Authorization/policyDefinitions","name":"3cb9f731-744a-4691-a481-ca77b0411538"},{"properties":{"displayName":"Microsoft
+ Managed Control 1521 - Personnel Termination | Automated Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5","type":"Microsoft.Authorization/policyDefinitions","name":"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1127 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66","type":"Microsoft.Authorization/policyDefinitions","name":"3ce328db-aef3-48ed-9f81-2ab7cf839c66"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Search Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Devices''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Devices''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"Deploy
- default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefi
nitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.Authorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"},{"properties":{"displayName":"[Deprecated]:
+ Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the
selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
Analytics workspace","description":"Select Log Analytics workspace from dropdown
@@ -697,22 +1435,43 @@ interactions:
policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Azure
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1385 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58","type":"Microsoft.Authorization/policyDefinitions","name":"3e495e65-8663-49ca-9b38-9f45e800bc58"},{"properties":{"displayName":"Azure
Monitor solution ''Security and Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1160 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05","type":"Microsoft.Authorization/policyDefinitions","name":"3e797ca6-2aa8-4333-b335-7036f1110c05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1545 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1","type":"Microsoft.Authorization/policyDefinitions","name":"3f4b171a-a56b-4328-8112-32cf7f947ee1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1179 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c","type":"Microsoft.Authorization/policyDefinitions","name":"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported PHP version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Secure
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1561 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5","type":"Microsoft.Authorization/policyDefinitions","name":"40364c3f-c331-4e29-b1e3-2fbe998ba2f5"},{"properties":{"displayName":"Secure
transfer to storage accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
requirment of Secure transfer in your storage account. Secure transfer is
an option that forces your storage account to accept requests only from secure
connections (HTTPS). Use of HTTPS ensures authentication between the server
and the service and protects data in transit from network layer attacks such
as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1100 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4","type":"Microsoft.Authorization/policyDefinitions","name":"4057863c-ca7d-47eb-b1e0-503580cba8a4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1637 - Boundary Protection | Fail Secure","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3","type":"Microsoft.Authorization/policyDefinitions","name":"4075bedc-c62a-4635-bede-a01be89807f3"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -742,11 +1501,41 @@ interactions:
Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Azure
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1202 - Access Restrictions For Change","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a","type":"Microsoft.Authorization/policyDefinitions","name":"40a2a83b-74f2-4c02-ae65-f460a5d2792a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1438 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6","type":"Microsoft.Authorization/policyDefinitions","name":"40fcc635-52a2-4dbc-9523-80a1f4aa1de6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1365 - Incident Handling | Continuity Of Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5","type":"Microsoft.Authorization/policyDefinitions","name":"4116891d-72f7-46ee-911c-8056cc8dcbd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1022 - Account Management | Shared / Group Account Credential
+ Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d","type":"Microsoft.Authorization/policyDefinitions","name":"411f7e2d-9a0b-4627-a0b9-1700432db47d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance
+ Equipment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac","type":"Microsoft.Authorization/policyDefinitions","name":"41256567-1795-4684-b00b-a1308ce43cac"},{"properties":{"displayName":"Azure
Monitor should collect activity logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
policy audits the Azure Monitor log profile which does not export activities
from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Diagnostic
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1263 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17","type":"Microsoft.Authorization/policyDefinitions","name":"41472613-3b05-49f6-8fe8-525af113ce17"},{"properties":{"displayName":"Microsoft
+ Managed Control 1096 - Role-Based Security Training | Practical Exercises","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff","type":"Microsoft.Authorization/policyDefinitions","name":"420c1477-aa43-49d0-bd7e-c4abdd9addff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1260 - Contingency Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3","type":"Microsoft.Authorization/policyDefinitions","name":"42254fc4-2738-4128-9613-72aaa4f0d9c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1694 - Information System Monitoring | Analyze Communications
+ Traffic Anomalies","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0","type":"Microsoft.Authorization/policyDefinitions","name":"426c4ac9-ff17-49d0-acd7-a13c157081c0"},{"properties":{"displayName":"Diagnostic
logs in Batch accounts should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -770,7 +1559,20 @@ interactions:
Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"},{"properties":{"displayName":"Microsoft
+ Managed Control 1174 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f","type":"Microsoft.Authorization/policyDefinitions","name":"42a9a714-8fbb-43ac-b115-ea12d2bd652f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1137 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c","type":"Microsoft.Authorization/policyDefinitions","name":"4344df62-88ab-4637-b97b-bcaf2ec97e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a","type":"Microsoft.Authorization/policyDefinitions","name":"435b2547-6374-4f87-b42d-6e8dbe6ae62a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior
+ To New Scan / When Identified","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da","type":"Microsoft.Authorization/policyDefinitions","name":"43684572-e4f1-4642-af35-6b933bc506da"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -792,13 +1594,56 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
settings: Use Certificate Rules on Windows Executables for Software Restriction
Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1544 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271","type":"Microsoft.Authorization/policyDefinitions","name":"43ced7c9-cd53-456b-b0da-2522649a4271"},{"properties":{"displayName":"Microsoft
+ Managed Control 1398 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4","type":"Microsoft.Authorization/policyDefinitions","name":"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4"},{"properties":{"displayName":"[Deprecated]:
Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
Security Groups with too permissive rules will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require
- SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Microsoft
+ Managed Control 1066 - Remote Access | Disconnect / Disable Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36","type":"Microsoft.Authorization/policyDefinitions","name":"4455c2e8-c65d-4acf-895e-304916f90b36"},{"properties":{"displayName":"Microsoft
+ Managed Control 1720 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221","type":"Microsoft.Authorization/policyDefinitions","name":"44b9a7cd-f36a-491a-a48b-6d04ae7c4221"},{"properties":{"displayName":"Microsoft
+ Managed Control 1334 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd","type":"Microsoft.Authorization/policyDefinitions","name":"44bfdadc-8c2e-4c30-9c99-f005986fabcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1604 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f","type":"Microsoft.Authorization/policyDefinitions","name":"44dbba23-0b61-478e-89c7-b3084667782f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1712 - Software, Firmware, And Information Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0","type":"Microsoft.Authorization/policyDefinitions","name":"44e543aa-41db-42aa-98eb-8a5eb1db53f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1310 - Device Identification And Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc","type":"Microsoft.Authorization/policyDefinitions","name":"450d7ede-823d-4931-a99d-57f6a38807dc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1559 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554","type":"Microsoft.Authorization/policyDefinitions","name":"45692294-f074-42bd-ac54-16f1a3c07554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols
+ / Services In Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645","type":"Microsoft.Authorization/policyDefinitions","name":"45b7b644-5f91-498e-9d89-7402532d3645"},{"properties":{"displayName":"Microsoft
+ Managed Control 1565 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b","type":"Microsoft.Authorization/policyDefinitions","name":"45ce2396-5c76-4654-9737-f8792ab3d26b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party
+ Registration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22","type":"Microsoft.Authorization/policyDefinitions","name":"463e5220-3f79-4e24-a63f-343e4096cd22"},{"properties":{"displayName":"[Deprecated]:
+ Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures all SQL servers use version 12.0. This policy is deprecated
+ because it is no longer possible to create an Azure SQL server with any version
+ other than 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1346 - Identification And Authentication (Non-Organizational
+ Users)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6","type":"Microsoft.Authorization/policyDefinitions","name":"464dc8ce-2200-4720-87a5-dc5952924cc6"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -807,7 +1652,14 @@ interactions:
automatic OS image patching on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
policy enforces enabling automatic OS image patching on Virtual Machine Scale
Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Automatic
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1368 - Incident Handling | Correlation With External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de","type":"Microsoft.Authorization/policyDefinitions","name":"465f32da-0ace-4603-8d1b-7be5a3a702de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity
+ Using Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444","type":"Microsoft.Authorization/policyDefinitions","name":"4708723f-e099-4af1-bbf9-b6df7642e444"},{"properties":{"displayName":"Automatic
provisioning of the Log Analytics monitoring agent should be enabled on your
subscription","policyType":"BuiltIn","mode":"All","description":"Enable automatic
provisioning of the Log Analytics monitoring agent in order to collect security
@@ -816,12 +1668,51 @@ interactions:
Application Controls should be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1359 - Incident Response Testing | Coordination With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Incident Response control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253","type":"Microsoft.Authorization/policyDefinitions","name":"47bc7ea0-7d13-4f7c-a154-b903f7194253"},{"properties":{"displayName":"Microsoft
+ Managed Control 1165 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d","type":"Microsoft.Authorization/policyDefinitions","name":"47e10916-6c9e-446b-b0bd-ff5fd439d79d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1048 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7","type":"Microsoft.Authorization/policyDefinitions","name":"483e7ca9-82b3-45a2-be97-b93163a0deb7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1033 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e","type":"Microsoft.Authorization/policyDefinitions","name":"48540f01-fc11-411a-b160-42807c68896e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1477 - Fire Protection | Detection Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503","type":"Microsoft.Authorization/policyDefinitions","name":"4862a63c-6c74-4a9d-a221-89af3c374503"},{"properties":{"displayName":"Microsoft
+ Managed Control 1484 - Water Damage Protection | Automation Support","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456","type":"Microsoft.Authorization/policyDefinitions","name":"486b006a-3653-45e8-b41c-a052d3e05456"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for an API App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"},{"properties":{"displayName":"Microsoft
+ Managed Control 1669 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d","type":"Microsoft.Authorization/policyDefinitions","name":"48f2f62b-5743-4415-a143-288adc0e078d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1376 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f","type":"Microsoft.Authorization/policyDefinitions","name":"493a95f3-f2e3-47d0-af02-65e6d6decc2f"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -837,15 +1728,52 @@ interactions:
''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Append
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1329 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd","type":"Microsoft.Authorization/policyDefinitions","name":"498f6234-3e20-4b6a-a880-cbd646d973bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f","type":"Microsoft.Authorization/policyDefinitions","name":"49b99653-32cd-405d-a135-e7d60a9aae1f"},{"properties":{"displayName":"Append
tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Appends
the specified tag and value when any resource group which is missing this
tag is created or updated. Does not modify the tags of resource groups created
- before this policy was applied until those resource groups are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ before this policy was applied until those resource groups are changed. New
+ ''modify'' effect policies are available that support remediation of tags
+ on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Deploy
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1294 - Information System Backup | Transfer To Alternate Storage
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d","type":"Microsoft.Authorization/policyDefinitions","name":"49dbe627-2c1e-438c-979e-dd7a39bbf81d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1218 - Least Functionality | Prevent Program Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8","type":"Microsoft.Authorization/policyDefinitions","name":"4a1d0394-b9f5-493e-9e83-563fd0ac4df8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1677 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923","type":"Microsoft.Authorization/policyDefinitions","name":"4a248e1e-040f-43e5-bff2-afc3a57a3923"},{"properties":{"displayName":"Microsoft
+ Managed Control 1094 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09","type":"Microsoft.Authorization/policyDefinitions","name":"4b1853e0-8973-446b-b567-09d901d31a09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a","type":"Microsoft.Authorization/policyDefinitions","name":"4c090801-59bc-4454-bb33-e0455133486a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1364 - Incident Handling | Dynamic Reconfiguration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc","type":"Microsoft.Authorization/policyDefinitions","name":"4c615c2a-dc83-4dda-8220-abce7b50c9bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers
+ At Logout","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920","type":"Microsoft.Authorization/policyDefinitions","name":"4c643c9a-1be7-4016-a5e7-e4bada052920"},{"properties":{"displayName":"Microsoft
+ Managed Control 1373 - Incident Reporting | Automated Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9","type":"Microsoft.Authorization/policyDefinitions","name":"4cca950f-c3b7-492a-8e8f-ea39663c14f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2","type":"Microsoft.Authorization/policyDefinitions","name":"4ce9073a-77fa-48f0-96b1-87aa8e6091c2"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that do not have the specified applications
installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -857,66 +1785,277 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equ
als":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"[Preview]:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"},{"properties":{"displayName":"FTPS
+ should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1155 - System Interconnections | Restrictions On External
+ System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977","type":"Microsoft.Authorization/policyDefinitions","name":"4d33f9f1-12d0-46ad-9fbd-8f8046694977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1156 - Plan Of Action And Milestones","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378","type":"Microsoft.Authorization/policyDefinitions","name":"4d52e864-9a3b-41ee-8f03-520815fe5378"},{"properties":{"displayName":"Microsoft
+ Managed Control 1312 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274","type":"Microsoft.Authorization/policyDefinitions","name":"4d6a5968-9eef-4c18-8534-376790ab7274"},{"properties":{"displayName":"[Preview]:
Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined
and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{
"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"A
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1394 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94","type":"Microsoft.Authorization/policyDefinitions","name":"4db56f68-3f50-45ab-88f3-ca46f5379a94"},{"properties":{"displayName":"Microsoft
+ Managed Control 1702 - Information System Monitoring | Indicators Of Compromise","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362","type":"Microsoft.Authorization/policyDefinitions","name":"4dfc0855-92c4-4641-b155-a55ddd962362"},{"properties":{"displayName":"Microsoft
+ Managed Control 1001 - Access Control Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7","type":"Microsoft.Authorization/policyDefinitions","name":"4e26f8c3-4bf3-4191-b8fc-d888805101b7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1083 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec","type":"Microsoft.Authorization/policyDefinitions","name":"4e319cb6-2ca3-4a58-ad75-e67f484e50ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0","type":"Microsoft.Authorization/policyDefinitions","name":"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1247 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b","type":"Microsoft.Authorization/policyDefinitions","name":"4e666db5-b2ef-4b06-aac6-09bfce49151b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1196 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0","type":"Microsoft.Authorization/policyDefinitions","name":"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1134 - Protection Of Audit Information | Access By Subset
+ Of Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789","type":"Microsoft.Authorization/policyDefinitions","name":"4e95f70e-181c-4422-9da2-43079710c789"},{"properties":{"displayName":"Microsoft
+ Managed Control 1267 - Alternate Storage Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805","type":"Microsoft.Authorization/policyDefinitions","name":"4e97ba1d-be5d-4953-8da4-0cccf28f4805"},{"properties":{"displayName":"Microsoft
+ Managed Control 1192 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240","type":"Microsoft.Authorization/policyDefinitions","name":"4ebd97f7-b105-4f50-8daf-c51465991240"},{"properties":{"displayName":"Microsoft
+ Managed Control 1139 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34","type":"Microsoft.Authorization/policyDefinitions","name":"4ed62522-de00-4dda-9810-5205733d2f34"},{"properties":{"displayName":"A
maximum of 3 owners should be designated for your subscription","policyType":"BuiltIn","mode":"All","description":"It
is recommended to designate up to 3 subscription owners in order to reduce
the potential for breach by a compromised owner.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"A
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1442 - Media Sanitization | Nondestructive Techniques","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475","type":"Microsoft.Authorization/policyDefinitions","name":"4f26049b-2c5a-4841-9ff3-d48a26aae475"},{"properties":{"displayName":"Microsoft
+ Managed Control 1182 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da","type":"Microsoft.Authorization/policyDefinitions","name":"4f34f554-da4b-4786-8d66-7915c90893da"},{"properties":{"displayName":"A
security contact email address should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
an email address to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"[Preview]
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"},{"properties":{"displayName":"Add
+ a tag to resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag and value when any resource missing this tag is created
+ or updated. Existing resources can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26","type":"Microsoft.Authorization/policyDefinitions","name":"4f9dc7db-30c1-420c-b61a-e1d640128d26"},{"properties":{"displayName":"[Preview]
Vulnerability Assessment should be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Azure Security Center Vulnerability Assessment
on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Connection
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1485 - Delivery And Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b","type":"Microsoft.Authorization/policyDefinitions","name":"50301354-95d0-4a11-8af5-8039ecf6d38b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a","type":"Microsoft.Authorization/policyDefinitions","name":"506814fa-b930-4b10-894e-a45b98c40e1a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1566 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9","type":"Microsoft.Authorization/policyDefinitions","name":"50ad3724-e2ac-4716-afcc-d8eabd97adb9"},{"properties":{"displayName":"A
+ custom IPsec/IKE policy must be applied to all Azure virtual network gateway
+ connections","policyType":"BuiltIn","mode":"All","description":"This policy
+ ensures that all Azure virtual network gateway connections use a custom Internet
+ Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms
+ and key strengths - https://aka.ms/AA62kb0","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IPsecEncryption":{"type":"Array","metadata":{"displayName":"IPsec
+ Encryption","description":"IPsec Encryption"}},"IPsecIntegrity":{"type":"Array","metadata":{"displayName":"IPsec
+ Integrity","description":"IPsec Integrity"}},"IKEEncryption":{"type":"Array","metadata":{"displayName":"IKE
+ Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
+ Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
+ Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1248 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0","type":"Microsoft.Authorization/policyDefinitions","name":"50fc602d-d8e0-444b-a039-ad138ee5deb0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1386 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065","type":"Microsoft.Authorization/policyDefinitions","name":"5120193e-91fd-4f9d-bc6d-194f94734065"},{"properties":{"displayName":"Microsoft
+ Managed Control 1352 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a","type":"Microsoft.Authorization/policyDefinitions","name":"518cb545-bfa8-43f8-a108-3b7d5037469a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1642 - Network Disconnect","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928","type":"Microsoft.Authorization/policyDefinitions","name":"53397227-5ee3-4b23-9e5e-c8a767ce6928"},{"properties":{"displayName":"Connection
throttling should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy helps audit any PostgreSQL databases in your environment without Connection
throttling enabled. This setting enables temporary connection throttling per
IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"CORS
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1467 - Visitor Access Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d","type":"Microsoft.Authorization/policyDefinitions","name":"5350cbf9-8bdd-4904-b22a-e88be84ca49d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1183 - Baseline Configuration | Configure Systems, Components,
+ Or Devices For High-Risk Areas","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c","type":"Microsoft.Authorization/policyDefinitions","name":"5352e3e0-e63a-452e-9e5f-9c1d181cff9c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1029 - Information Flow Enforcement | Security Policy Filters","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69","type":"Microsoft.Authorization/policyDefinitions","name":"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69"},{"properties":{"displayName":"Microsoft
+ Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d","type":"Microsoft.Authorization/policyDefinitions","name":"53c76a39-2097-408a-b237-b279f7b4614d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1040 - Least Privilege | Review Of User Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c","type":"Microsoft.Authorization/policyDefinitions","name":"54205576-cec9-463f-ba44-b4b3f5d0a84c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1015 - Account Management | Disable Inactive Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14","type":"Microsoft.Authorization/policyDefinitions","name":"544a208a-9c3f-40bc-b1d1-d7e144495c14"},{"properties":{"displayName":"Microsoft
+ Managed Control 1026 - Account Management | Disable Accounts For High-Risk
+ Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783","type":"Microsoft.Authorization/policyDefinitions","name":"55419419-c597-4cd4-b51e-009fd2266783"},{"properties":{"displayName":"Microsoft
+ Managed Control 1045 - Unsuccessful Logon Attempts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892","type":"Microsoft.Authorization/policyDefinitions","name":"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1523 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601","type":"Microsoft.Authorization/policyDefinitions","name":"5577a310-2551-49c8-803b-36e0d5e55601"},{"properties":{"displayName":"Microsoft
+ Managed Control 1113 - Response To Audit Processing Failures | Audit Storage
+ Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d","type":"Microsoft.Authorization/policyDefinitions","name":"562afd61-56be-4313-8fe4-b9564aa4ba7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1212 - Configuration Settings | Automated Central Management
+ / Application / Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c","type":"Microsoft.Authorization/policyDefinitions","name":"56d970ee-4efc-49c8-8a4e-5916940d784c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7","type":"Microsoft.Authorization/policyDefinitions","name":"57149289-d52b-4f40-9fe6-5233c1ef80f7"},{"properties":{"displayName":"CORS
should not allow every resource to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
Resource Sharing (CORS) should not allow all domains to access your web application.
Allow only required domains to interact with your web app.","metadata":{"category":"App
Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1162 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592","type":"Microsoft.Authorization/policyDefinitions","name":"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592"},{"properties":{"displayName":"Microsoft
+ Managed Control 1054 - Session Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2","type":"Microsoft.Authorization/policyDefinitions","name":"5807e1b4-ba5e-4718-8689-a0ca05a191b2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1584 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c","type":"Microsoft.Authorization/policyDefinitions","name":"5864522b-ff1d-4979-a9f8-58bee1fb174c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1547 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52","type":"Microsoft.Authorization/policyDefinitions","name":"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1573 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2","type":"Microsoft.Authorization/policyDefinitions","name":"58c93053-7b98-4cf0-b99f-1beb985416c2"},{"properties":{"displayName":"[Deprecated]:
+ Ensure Function app is using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"},{"properties":{"displayName":"Microsoft
+ Managed Control 1063 - Remote Access | Managed Access Control Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780","type":"Microsoft.Authorization/policyDefinitions","name":"593ce201-54b2-4dd0-b34f-c308005d7780"},{"properties":{"displayName":"Microsoft
+ Managed Control 1463 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495","type":"Microsoft.Authorization/policyDefinitions","name":"59721f87-ae25-4db0-a2a4-77cc5b25d495"},{"properties":{"displayName":"Microsoft
+ Managed Control 1425 - Timely Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b","type":"Microsoft.Authorization/policyDefinitions","name":"5983d99c-f39b-4c32-a3dc-170f19f6941b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1512 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8324ad-f599-429b-aaed-f9c6e8c987a8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not have a minimum password age
of 1 day","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have a minimum password age of 1 day. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"
Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1032 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751","type":"Microsoft.Authorization/policyDefinitions","name":"5aa85661-d618-46b8-a20f-ca40a86f0751"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that do not restrict the minimum password
length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that do not restrict the minimum password
length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1555 - Vulnerability Scanning | Privileged Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc","type":"Microsoft.Authorization/policyDefinitions","name":"5afa8cab-1ed7-4e40-884c-64e0ac2059cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1205 - Access Restrictions For Change | Signed Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c","type":"Microsoft.Authorization/policyDefinitions","name":"5b070cab-0fb8-4e48-ad29-fc90b4c2797c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1005 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1","type":"Microsoft.Authorization/policyDefinitions","name":"5b626abc-26d4-4e22-9de8-3831818526b1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1105 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459","type":"Microsoft.Authorization/policyDefinitions","name":"5b73f57b-587d-4470-a344-0b0ae805f459"},{"properties":{"displayName":"Show
audit results from Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Linux virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1433 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65","type":"Microsoft.Authorization/policyDefinitions","name":"5b879b41-2728-41c5-ad24-9ee2c37cbe65"},{"properties":{"displayName":"Ensure
+ WEB app has ''Client Certificates (Incoming client certificates)'' set to
+ ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the remote host connection
status does not match the specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -937,14 +2076,17 @@ interactions:
so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnection"
,"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
- ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1551 - Vulnerability Scanning | Update Tool Capability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7","type":"Microsoft.Authorization/policyDefinitions","name":"5bbda922-0172-4095-89e6-5b4a0bf03af7"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -960,16 +2102,38 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"External
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"Microsoft
+ Managed Control 1671 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698","type":"Microsoft.Authorization/policyDefinitions","name":"5c5bbef7-a316-415b-9b38-29753ce8e698"},{"properties":{"displayName":"Microsoft
+ Managed Control 1067 - Wireless Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190","type":"Microsoft.Authorization/policyDefinitions","name":"5c5e54f6-0127-44d0-8b61-f31dc8dd6190"},{"properties":{"displayName":"External
accounts with write permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with write privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1483 - Water Damage Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1","type":"Microsoft.Authorization/policyDefinitions","name":"5cb81060-3c8a-4968-bcdc-395a1801f6c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1362 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214","type":"Microsoft.Authorization/policyDefinitions","name":"5d169442-d6ef-439b-8dca-46c2c3248214"},{"properties":{"displayName":"Microsoft
+ Managed Control 1014 - Account Management | Removal Of Temporary / Emergency
+ Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c","type":"Microsoft.Authorization/policyDefinitions","name":"5dee936c-8037-4df1-ab35-6635733da48c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1665 - Process Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512","type":"Microsoft.Authorization/policyDefinitions","name":"5df3a55c-8456-44d4-941e-175f79332512"},{"properties":{"displayName":"[Deprecated]:
Function App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1251 - Contingency Plan | Coordinate With Related Plans","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348","type":"Microsoft.Authorization/policyDefinitions","name":"5e2b3730-8c14-4081-8893-19dbb5de7348"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported .NET Framework version for the latest security classes.
Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
@@ -981,8 +2145,14 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the specified applications installed. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow
- resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1116 - Audit Review, Analysis, And Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635","type":"Microsoft.Authorization/policyDefinitions","name":"5e47bc51-35d1-44b8-92af-e2f2d8b67635"},{"properties":{"displayName":"Microsoft
+ Managed Control 1208 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f","type":"Microsoft.Authorization/policyDefinitions","name":"5ea87673-d06b-456f-a324-8abcee5c159f"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: West India, South India,
Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]:
Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
@@ -999,11 +2169,26 @@ interactions:
''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"External
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1576 - Acquisition Process | Design / Implementation Information
+ For Security Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18","type":"Microsoft.Authorization/policyDefinitions","name":"5f18c885-ade3-48c5-80b1-8f9216019c18"},{"properties":{"displayName":"External
accounts with read permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with read privileges should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"Add
+ or replace a tag on resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value when any resource is created or updated.
+ Existing resources can be remediated by triggering a remediation task. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1663 - Protection Of Information At Rest","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa","type":"Microsoft.Authorization/policyDefinitions","name":"60171210-6dde-40af-a144-bf2670518bfa"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1011,7 +2196,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Object Access''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"},{"properties":{"displayName":"Storage
+ Accounts should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"anyOf":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","type":"Microsoft.Authorization/policyDefinitions","name":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4"},{"properties":{"displayName":"Show
audit results from Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -1025,19 +2214,87 @@ interactions:
a storage account in the same region and resource group as the SQL server
to store scan results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Service
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"},{"properties":{"displayName":"Configure
+ time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"},{"properties":{"displayName":"Service
Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
Fabric provides three levels of protection (None, Sign and EncryptAndSign)
for node-to-node communication using a primary cluster certificate. Set the
protection level to ensure that all node-to-node messages are encrypted and
digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"Microsoft
+ Managed Control 1110 - Audit Storage Capacity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7","type":"Microsoft.Authorization/policyDefinitions","name":"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1415 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83","type":"Microsoft.Authorization/policyDefinitions","name":"61a1dd98-b259-4840-abd5-fbba7ee0da83"},{"properties":{"displayName":"Microsoft
+ Managed Control 1153 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635","type":"Microsoft.Authorization/policyDefinitions","name":"61cf3125-142c-4754-8a16-41ab4d529635"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System objects''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1045,7 +2302,24 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - System objects''. For more information on Guest
Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"},{"properties":{"displayName":"Microsoft
+ Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198","type":"Microsoft.Authorization/policyDefinitions","name":"62b638c5-29d7-404b-8d93-f21e4b1ce198"},{"properties":{"displayName":"Microsoft
+ Managed Control 1660 - Session Authenticity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554","type":"Microsoft.Authorization/policyDefinitions","name":"63096613-ce83-43e5-96f4-e588e8813554"},{"properties":{"displayName":"Microsoft
+ Managed Control 1002 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65","type":"Microsoft.Authorization/policyDefinitions","name":"632024c2-8079-439d-a7f6-90af1d78cc65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1498 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1","type":"Microsoft.Authorization/policyDefinitions","name":"633988b9-cf2f-4323-8394-f0d2af9cd6e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1177 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc","type":"Microsoft.Authorization/policyDefinitions","name":"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1185 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c","type":"Microsoft.Authorization/policyDefinitions","name":"6420cd73-b939-43b7-9d99-e8688fea053c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1062,16 +2336,38 @@ interactions:
Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"[Deprecated]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1441 - Media Sanitization | Equipment Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7","type":"Microsoft.Authorization/policyDefinitions","name":"6519d7f3-e8a2-4ff3-a935-9a9497152ad7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17","type":"Microsoft.Authorization/policyDefinitions","name":"65592b16-4367-42c5-a26e-d371be450e17"},{"properties":{"displayName":"[Deprecated]:
Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
policy is no longer necessary because storage blob encryption is enabled by
default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"Microsoft
+ Managed Control 1261 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431","type":"Microsoft.Authorization/policyDefinitions","name":"65aeceb5-a59c-4cb1-8d82-9c474be5d431"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a Function app from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"},{"properties":{"displayName":"Microsoft
+ Managed Control 1444 - Media Use | Prohibit Use Without Owner","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e","type":"Microsoft.Authorization/policyDefinitions","name":"666143df-f5e0-45bd-b554-135f0f93e44e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1319 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42","type":"Microsoft.Authorization/policyDefinitions","name":"66f7ae57-5560-4fc5-85c9-659f204e7a42"},{"properties":{"displayName":"Microsoft
+ Managed Control 1628 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069","type":"Microsoft.Authorization/policyDefinitions","name":"67de62b4-a737-4781-8861-3baed3c35069"},{"properties":{"displayName":"Microsoft
+ Managed Control 1377 - Incident Response Assistance | Coordination With External
+ Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67","type":"Microsoft.Authorization/policyDefinitions","name":"68434bd1-e14b-4031-9edb-a4adf5f84a67"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the Log Analytics agent
is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1083,14 +2379,42 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
workspace IDs","description":"A semicolon-separated list of the workspace
IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
- ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1597 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016","type":"Microsoft.Authorization/policyDefinitions","name":"68b250ec-2e4f-4eee-898a-117a9fda7016"},{"properties":{"displayName":"Microsoft
+ Managed Control 1588 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9","type":"Microsoft.Authorization/policyDefinitions","name":"68ebae26-e0e0-4ecb-8379-aabf633b51e9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1070 - Wireless Access | Disable Wireless Networking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8","type":"Microsoft.Authorization/policyDefinitions","name":"68f837d0-8942-4b1e-9b31-be78b247bda8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1727 - Memory Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3","type":"Microsoft.Authorization/policyDefinitions","name":"697175a7-9715-4e89-b98b-c6f605888fa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1652 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d","type":"Microsoft.Authorization/policyDefinitions","name":"6998e84a-2d29-4e10-8962-76754d4f772d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1699 - Information System Monitoring | Privileged Users","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c","type":"Microsoft.Authorization/policyDefinitions","name":"69c7bee8-bc19-4129-a51e-65a7b39d3e7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1696 - Information System Monitoring | Correlate Monitoring
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8","type":"Microsoft.Authorization/policyDefinitions","name":"69d2a238-20ab-4206-a6dc-f302bf88b1b8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1244 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937","type":"Microsoft.Authorization/policyDefinitions","name":"6a13a8f8-c163-4b1b-8554-d63569dab937"},{"properties":{"displayName":"Microsoft
+ Managed Control 1019 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7","type":"Microsoft.Authorization/policyDefinitions","name":"6a3ee9b2-3977-459c-b8ce-2db583abd9f7"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit
Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1105,41 +2429,120 @@ interactions:
machines with older versions on which Windows Defender Exploit Guard is not
available (such as Windows Server 2012 R2) non-compliant. Setting this value
to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploi
tGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
- ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"},{"properties":{"displayName":"[Deprecated]:
Audit IP restrictions configuration for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
Restrictions allow you to define a list of IP addresses that are allowed to
access your app. Use of IP Restrictions protects a web application from common
attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"},{"properties":{"displayName":"Microsoft
+ Managed Control 1211 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50","type":"Microsoft.Authorization/policyDefinitions","name":"6a8b9dc8-6b00-4701-aa96-bba3277ebf50"},{"properties":{"displayName":"[Deprecated]:
+ Ensure WEB app is using the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1653 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b","type":"Microsoft.Authorization/policyDefinitions","name":"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b"},{"properties":{"displayName":"Deprecated
accounts should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts should be removed from your subscriptions. Deprecated accounts are
accounts that have been blocked from signing in.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Service Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"},{"properties":{"displayName":"Microsoft
+ Managed Control 1031 - Separation Of Duties","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00","type":"Microsoft.Authorization/policyDefinitions","name":"6b93a801-fe25-4574-a60d-cb22acffae00"},{"properties":{"displayName":"Not
allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to specify the resource types that your organization cannot
deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Function
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Microsoft
+ Managed Control 1338 - Authenticator Management | Automated Support For Password
+ Strength Determination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db","type":"Microsoft.Authorization/policyDefinitions","name":"6c59a207-6aed-41dc-83a2-e1ff66e4a4db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1304 - Identification And Authentication (Org. Users) | Local
+ Access To Non-Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b","type":"Microsoft.Authorization/policyDefinitions","name":"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1437 - Media Transport | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c","type":"Microsoft.Authorization/policyDefinitions","name":"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1171 - Penetration Testing | Independent Penetration Agent
+ Or Team","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00","type":"Microsoft.Authorization/policyDefinitions","name":"6d4820bc-8b61-4982-9501-2123cb776c00"},{"properties":{"displayName":"Function
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Email
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1643 - Cryptographic Key Establishment And Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c","type":"Microsoft.Authorization/policyDefinitions","name":"6d8d492c-dd7a-46f7-a723-fa66a425b87c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1291 - Information System Backup | Testing For Reliability
+ / Integrity","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912","type":"Microsoft.Authorization/policyDefinitions","name":"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912"},{"properties":{"displayName":"Microsoft
+ Managed Control 1175 - Configuration Management Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c","type":"Microsoft.Authorization/policyDefinitions","name":"6dab4254-c30d-4bb7-ae99-1d21586c063c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1651 - Mobile Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50","type":"Microsoft.Authorization/policyDefinitions","name":"6db63528-c9ba-491c-8a80-83e1e6977a50"},{"properties":{"displayName":"Email
notification for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
emailing security alerts to the security contact, in order to have them receive
security alert emails from Microsoft. This ensures that the right people are
aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"},{"properties":{"displayName":"Microsoft
+ Managed Control 1586 - External Information System Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51","type":"Microsoft.Authorization/policyDefinitions","name":"6e3b2fbd-8f37-4766-a64d-3f37703dcb51"},{"properties":{"displayName":"Microsoft
+ Managed Control 1536 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502","type":"Microsoft.Authorization/policyDefinitions","name":"6e40d9de-2ad4-4cb5-8945-23143326a502"},{"properties":{"displayName":"Microsoft
+ Managed Control 1530 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993","type":"Microsoft.Authorization/policyDefinitions","name":"6e8f9566-29f1-49cd-b61f-f8628a3cf993"},{"properties":{"displayName":"Microsoft
+ Managed Control 1460 - Access Control For Output Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda","type":"Microsoft.Authorization/policyDefinitions","name":"6f3ce1bb-4f77-4695-8355-70b08d54fdda"},{"properties":{"displayName":"Microsoft
+ Managed Control 1320 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77","type":"Microsoft.Authorization/policyDefinitions","name":"6f54c732-71d4-4f93-a696-4e373eca3a77"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1141 - Audit Generation | Changes By Authorized Individuals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0","type":"Microsoft.Authorization/policyDefinitions","name":"6fdefbf4-93e7-4513-bc95-c1858b7093e0"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1147,7 +2550,19 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Server''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''Windows Components''.
@@ -1259,14 +2674,36 @@ interactions:
Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b","type":"Microsoft.Authorization/policyDefinitions","name":"704e136a-4fe0-427c-b829-cd69957f5d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''System
Audit Policies - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyD
efinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsoft.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1509 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f","type":"Microsoft.Authorization/policyDefinitions","name":"70792197-9bfc-4813-905a-bd33993e327f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1541 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434","type":"Microsoft.Authorization/policyDefinitions","name":"70f6af82-7be6-44aa-9b15-8b9231b2e434"},{"properties":{"displayName":"Microsoft
+ Managed Control 1691 - Information System Monitoring | Automated Tools For
+ Real-Time Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725","type":"Microsoft.Authorization/policyDefinitions","name":"71475fb4-49bd-450b-a1a5-f63894c24725"},{"properties":{"displayName":"Microsoft
+ Managed Control 1481 - Temperature And Humidity Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339","type":"Microsoft.Authorization/policyDefinitions","name":"717a1c78-a267-4f56-ac58-ee6c54dc4339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d","type":"Microsoft.Authorization/policyDefinitions","name":"71bb965d-4047-4623-afd4-b8189a58df5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1395 - System Maintenance Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05","type":"Microsoft.Authorization/policyDefinitions","name":"7207a023-a517-41c5-9df2-09d4c6845a05"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the DSC configuration is not
compliant","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
@@ -1281,7 +2718,28 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - Network''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/po
licyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Microsoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that allow re-use of the previous
24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1289,24 +2747,75 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Add
+ a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ the specified tag and value when any resource group missing this tag is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"},{"properties":{"displayName":"Microsoft
+ Managed Control 1524 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268","type":"Microsoft.Authorization/policyDefinitions","name":"72f1cb4e-2439-4fe8-88ea-b8671ce3c268"},{"properties":{"displayName":"Microsoft
+ Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized
+ Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0","type":"Microsoft.Authorization/policyDefinitions","name":"731856d8-1598-4b75-92de-7d46235747c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1101 - Audit And Accountability Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65","type":"Microsoft.Authorization/policyDefinitions","name":"7327b708-f0e0-457d-9d2a-527fcc9c9a65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1456 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870","type":"Microsoft.Authorization/policyDefinitions","name":"733ba9e3-9e7c-440a-a7aa-6196a90a2870"},{"properties":{"displayName":"Microsoft
+ Managed Control 1581 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e","type":"Microsoft.Authorization/policyDefinitions","name":"742b549b-7a25-465f-b83c-ea1ffb4f4e0e"},{"properties":{"displayName":"Allowed
storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify a set of storage account SKUs that your organization
can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"[Deprecated]:
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c","type":"Microsoft.Authorization/policyDefinitions","name":"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c"},{"properties":{"displayName":"Ensure
+ that ''Python version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e","type":"Microsoft.Authorization/policyDefinitions","name":"7522ed84-70d5-4181-afc0-21e50b1b6d0e"},{"properties":{"displayName":"[Deprecated]:
Audit enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1468 - Visitor Access Records | Automated Records Maintenance
+ / Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd","type":"Microsoft.Authorization/policyDefinitions","name":"75603f96-80a1-4757-991d-5a1221765ddd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1053 - Session Lock | Pattern-Hiding Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3","type":"Microsoft.Authorization/policyDefinitions","name":"7582b19c-9dba-438e-aed8-ede59ac35ba3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1459 - Access Control For Transmission Medium","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0","type":"Microsoft.Authorization/policyDefinitions","name":"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0"},{"properties":{"displayName":"Vulnerabilities
should be remediated by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
vulnerabilities detected by Vulnerability Assessment solution and VMs without
a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
@@ -1320,12 +2829,63 @@ interactions:
List of VM images that have supported Linux OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exist
enceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Azure
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1055 - Session Termination| User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969","type":"Microsoft.Authorization/policyDefinitions","name":"769efd9b-3587-4e22-90ce-65ddcd5bd969"},{"properties":{"displayName":"Audit
+ delegation of scopes to a managing tenant","policyType":"BuiltIn","mode":"All","description":"Audit
+ delegation of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"},{"properties":{"displayName":"Microsoft
+ Managed Control 1058 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254","type":"Microsoft.Authorization/policyDefinitions","name":"76e85d08-8fbb-4112-a1c1-93521e6a9254"},{"properties":{"displayName":"Microsoft
+ Managed Control 1508 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086","type":"Microsoft.Authorization/policyDefinitions","name":"76f500cc-4bca-4583-bda1-6d084dc21086"},{"properties":{"displayName":"Microsoft
+ Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20","type":"Microsoft.Authorization/policyDefinitions","name":"7741669e-d4f6-485a-83cb-e70ce7cbbc20"},{"properties":{"displayName":"Azure
subscriptions should have a log profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
policy ensures if a log profile is enabled for exporting activity logs. It
audits if there is no log profile created to export the logs either to a storage
account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Deploy
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1336 - Authenticator Management | Pki-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26","type":"Microsoft.Authorization/policyDefinitions","name":"77f56280-e367-432a-a3b9-8ca2aa636a26"},{"properties":{"displayName":"Microsoft
+ Managed Control 1258 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff","type":"Microsoft.Authorization/policyDefinitions","name":"7814506c-382c-4d33-a142-249dd4a0dbff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1178 - Baseline Configuration | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893","type":"Microsoft.Authorization/policyDefinitions","name":"7818b8f4-47c6-441a-90ae-12ce04e99893"},{"properties":{"displayName":"Microsoft
+ Managed Control 1057 - Permitted Actions Without Identification Or Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c","type":"Microsoft.Authorization/policyDefinitions","name":"78255758-6d45-4bf0-a005-7016bc03b13c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1700 - Information System Monitoring | Unauthorized Network
+ Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5","type":"Microsoft.Authorization/policyDefinitions","name":"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1010 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62","type":"Microsoft.Authorization/policyDefinitions","name":"784663a8-1eb0-418a-a98c-24d19bc1bb62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1216 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484","type":"Microsoft.Authorization/policyDefinitions","name":"7894fe6a-f5cb-44c8-ba90-c3f254ff9484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1639 - Boundary Protection | Isolation Of Information System
+ Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f","type":"Microsoft.Authorization/policyDefinitions","name":"78e8e649-50f6-4fe3-99ac-fedc2e63b03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1647 - Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c","type":"Microsoft.Authorization/policyDefinitions","name":"791cfc15-6974-42a0-9f4c-2d4b82f4a78c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1510 - Position Risk Designation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998","type":"Microsoft.Authorization/policyDefinitions","name":"79da5b09-0e7e-499e-adda-141b069c7998"},{"properties":{"displayName":"Microsoft
+ Managed Control 1384 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7","type":"Microsoft.Authorization/policyDefinitions","name":"79fbc228-461c-4a45-9004-a865ca0728a7"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows Server VMs on which Windows Serial Console
is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows Server virtual
@@ -1341,14 +2901,35 @@ interactions:
the Emergency Management Services (EMS) console redirection. For more information
on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialCo
nsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
- ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Diagnostic
+ ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1093 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf","type":"Microsoft.Authorization/policyDefinitions","name":"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1708 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48","type":"Microsoft.Authorization/policyDefinitions","name":"7a1e2c88-13de-4959-8ee7-47e3d74f1f48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1289 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf","type":"Microsoft.Authorization/policyDefinitions","name":"7a724864-956a-496c-b778-637cb1d762cf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1687 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97","type":"Microsoft.Authorization/policyDefinitions","name":"7a87fc7f-301e-49f3-ba2a-4d74f424fa97"},{"properties":{"displayName":"Microsoft
+ Managed Control 1061 - Remote Access | Automated Monitoring / Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914","type":"Microsoft.Authorization/policyDefinitions","name":"7ac22808-a2e8-41c4-9d46-429b50738914"},{"properties":{"displayName":"Microsoft
+ Managed Control 1492 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737","type":"Microsoft.Authorization/policyDefinitions","name":"7ad5f307-e045-46f7-8214-5bdb7e973737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1636 - Boundary Protection | Isolation Of Security Tools /
+ Mechanisms / Support Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043","type":"Microsoft.Authorization/policyDefinitions","name":"7b694eed-7081-43c6-867c-41c76c961043"},{"properties":{"displayName":"Diagnostic
logs in Virtual Machine Scale Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable Logs so that activity trail can be recreated when
investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -1357,20 +2938,46 @@ interactions:
policy ensures blob encryption for storage accounts is turned on. It only
applies to Microsoft.Storage resource types, not other storage providers.
This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Show
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1143 - Security Assessment And Authorization Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e","type":"Microsoft.Authorization/policyDefinitions","name":"7c6de11b-5f51-4f7c-8d83-d2467c8a816e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1051 - Session Lock","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339","type":"Microsoft.Authorization/policyDefinitions","name":"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1279 - Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0","type":"Microsoft.Authorization/policyDefinitions","name":"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1109 - Content Of Audit Records | Centralized Management Of
+ Planned Audit Record Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec","type":"Microsoft.Authorization/policyDefinitions","name":"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1201 - Security Impact Analysis | Separate Test Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1","type":"Microsoft.Authorization/policyDefinitions","name":"7daef997-fdd3-461b-8807-a608a6dd70f1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1471 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916","type":"Microsoft.Authorization/policyDefinitions","name":"7dd0e9ce-1772-41fb-a50a-99977071f916"},{"properties":{"displayName":"Show
audit results from Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that have the specified applications installed.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1011 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5","type":"Microsoft.Authorization/policyDefinitions","name":"7e6a54f3-883f-43d5-87c4-172dfd64a1f5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that have not restarted within the specified
number of days","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that have not restarted within the specified number of days.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1692 - Information System Monitoring | Inbound And Outbound
+ Communications Traffic","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8","type":"Microsoft.Authorization/policyDefinitions","name":"7ecda928-9df4-4dd7-8f44-641a91e470e8"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not have the password complexity
setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1379,14 +2986,24 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"[Preview]:
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1191 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7","type":"Microsoft.Authorization/policyDefinitions","name":"7f26a61b-a74d-467c-99cf-63644db144f7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1520 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a","type":"Microsoft.Authorization/policyDefinitions","name":"7f2c513b-eb16-463b-b469-c10e5fa94f0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf","type":"Microsoft.Authorization/policyDefinitions","name":"7f37f71b-420f-49bf-9477-9c0196974ecf"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1397,13 +3014,28 @@ interactions:
Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Micr
osoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"},{"properties":{"displayName":"Audit
diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"SQL
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902","type":"Microsoft.Authorization/policyDefinitions","name":"7fbfe680-6dbb-4037-963c-a621c5635902"},{"properties":{"displayName":"SQL
Auditing settings should have Action-Groups configured to capture critical
activities","policyType":"BuiltIn","mode":"Indexed","description":"The AuditActionsAndGroups
property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1703 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205","type":"Microsoft.Authorization/policyDefinitions","name":"804faf7d-b687-40f7-9f74-79e28adf4205"},{"properties":{"displayName":"Microsoft
+ Managed Control 1303 - Identification And Authentication (Org. Users) | Local
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8","type":"Microsoft.Authorization/policyDefinitions","name":"80ca0a27-918a-4604-af9e-723a27ee51e8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1505 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490","type":"Microsoft.Authorization/policyDefinitions","name":"813a10a7-3943-4fe3-8678-00dc52db5490"},{"properties":{"displayName":"Microsoft
+ Managed Control 1614 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6","type":"Microsoft.Authorization/policyDefinitions","name":"8154e3b3-cc52-40be-9407-7756581d71f6"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
with non-compliant settings in Group Policy category: ''User Rights Assignment''.
@@ -1504,7 +3136,35 @@ interactions:
files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1308 - Identification And Authentication (Org. Users) | Remote
+ Access - Separate Device","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229","type":"Microsoft.Authorization/policyDefinitions","name":"81817e1c-5347-48dd-965a-40159d008229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1287 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d","type":"Microsoft.Authorization/policyDefinitions","name":"819dc6da-289d-476e-8500-7e341ef8677d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318","type":"Microsoft.Authorization/policyDefinitions","name":"81f11e32-a293-4a58-82cd-134af52e2318"},{"properties":{"displayName":"Geo-redundant
+ backup should be enabled for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"},{"properties":{"displayName":"Microsoft
+ Managed Control 1168 - Continuous Monitoring | Independent Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06","type":"Microsoft.Authorization/policyDefinitions","name":"82409f9e-1f32-4775-bf07-b99d53a91b06"},{"properties":{"displayName":"Microsoft
+ Managed Control 1448 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f","type":"Microsoft.Authorization/policyDefinitions","name":"825d6494-e583-42f2-a3f2-6458e6f0004f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1452 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74","type":"Microsoft.Authorization/policyDefinitions","name":"82c76455-4d3f-4e09-a654-22e592107e74"},{"properties":{"displayName":"Microsoft
+ Managed Control 1262 - Contingency Plan Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265","type":"Microsoft.Authorization/policyDefinitions","name":"831e510e-db41-4c72-888e-a0621ab62265"},{"properties":{"displayName":"Microsoft
+ Managed Control 1008 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07","type":"Microsoft.Authorization/policyDefinitions","name":"8356cfc6-507a-4d20-b818-08038011cd07"},{"properties":{"displayName":"Diagnostic
logs in Event Hub should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -1516,7 +3176,48 @@ interactions:
policy denies the network interfaces which are configured with any public
IP. Public IP addresses allow internet resources to communicate inbound to
Azure resources, and Azure resources to communicate outbound to the internet.
- This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"[Preview]:
+ This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"},{"properties":{"displayName":"Microsoft
+ Managed Control 1382 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3","type":"Microsoft.Authorization/policyDefinitions","name":"841392b3-40da-4473-b328-4cde49db67b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1098 - Security Training Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822","type":"Microsoft.Authorization/policyDefinitions","name":"84363adb-dde3-411a-9fc1-36b56737f822"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the Web
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review
+ And Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44","type":"Microsoft.Authorization/policyDefinitions","name":"845f6359-b764-4b40-b579-657aefe23c44"},{"properties":{"displayName":"Microsoft
+ Managed Control 1024 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10","type":"Microsoft.Authorization/policyDefinitions","name":"84914fb4-12da-4c53-a341-a9fd463bed10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1307 - Identification And Authentication (Org. Users) | Net.
+ Access To Non-Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682","type":"Microsoft.Authorization/policyDefinitions","name":"84e622c8-4bed-417c-84c6-b2fb0dd73682"},{"properties":{"displayName":"Microsoft
+ Managed Control 1080 - Use Of External Information Systems | Portable Storage
+ Devices","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5","type":"Microsoft.Authorization/policyDefinitions","name":"852981b4-a380-4704-aa1e-2e52d63445e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1580 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9","type":"Microsoft.Authorization/policyDefinitions","name":"854db8ac-6adf-42a0-bef3-b73f764f40b9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1348 - Identification And Authentication (Non-Org. Users)
+ | Acceptance Of Third-Party Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6","type":"Microsoft.Authorization/policyDefinitions","name":"855ced56-417b-4d74-9d5f-dd1bc81e22d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1079 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f","type":"Microsoft.Authorization/policyDefinitions","name":"85c32733-7d23-4948-88da-058e2c56b60f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1326 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d","type":"Microsoft.Authorization/policyDefinitions","name":"8605fc00-1bf5-4fb3-984e-c95cec4f231d"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1534,11 +3235,39 @@ interactions:
updates should be installed on your machines","policyType":"BuiltIn","mode":"All","description":"Missing
security system updates on your servers will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Microsoft
+ Managed Control 1507 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e","type":"Microsoft.Authorization/policyDefinitions","name":"86ccd1bf-e7ad-4851-93ce-6ec817469c1e"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1392 - Information Spillage Response | Post-Spill Operations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc","type":"Microsoft.Authorization/policyDefinitions","name":"86dc819f-15e1-43f9-a271-41ae58d4cecc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1589 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8","type":"Microsoft.Authorization/policyDefinitions","name":"86ec7f9b-9478-40ff-8cfd-6a0d510081a8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1207 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e","type":"Microsoft.Authorization/policyDefinitions","name":"8713a0ed-0d1e-4d10-be82-83dffb39830e"},{"properties":{"displayName":"Require
specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- existence of a tag. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"[Preview]:
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"},{"properties":{"displayName":"Microsoft
+ Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy
+ / Currency","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc","type":"Microsoft.Authorization/policyDefinitions","name":"874e7880-a067-42a7-bcbe-1a340f54c8cc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1635 - Boundary Protection | Host-Based Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e","type":"Microsoft.Authorization/policyDefinitions","name":"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1546,7 +3275,18 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Administrative Templates - Control Panel''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Deploy
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1293 - Information System Backup | Separate Storage For Critical
+ Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142","type":"Microsoft.Authorization/policyDefinitions","name":"87f7cd82-2e45-4d0f-9e2f-586b0962d142"},{"properties":{"displayName":"Microsoft
+ Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document
+ / Verify","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953","type":"Microsoft.Authorization/policyDefinitions","name":"881299bf-2a5b-4686-a1b2-321d33679953"},{"properties":{"displayName":"Microsoft
+ Managed Control 1356 - Incident Response Training | Simulated Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3","type":"Microsoft.Authorization/policyDefinitions","name":"8829f8f5-e8be-441e-85c9-85b72a5d0ef3"},{"properties":{"displayName":"Deploy
prerequisites to audit Linux VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Linux virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -1557,24 +3297,46 @@ interactions:
names","description":"A semicolon-separated list of the names of the applications
that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher",
"equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Network
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1317 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775","type":"Microsoft.Authorization/policyDefinitions","name":"8877f519-c166-47b7-81b7-8a8eb4ff3775"},{"properties":{"displayName":"Microsoft
+ Managed Control 1501 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51","type":"Microsoft.Authorization/policyDefinitions","name":"88817b58-8472-4f6c-81fa-58ce42b67f51"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"},{"properties":{"displayName":"Network
interfaces should disable IP forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This
policy denies the network interfaces which enabled IP forwarding. The setting
of IP forwarding disables Azure''s check of the source and destination for
- a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"SQL
+ a network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"},{"properties":{"displayName":"Microsoft
+ Managed Control 1215 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff","type":"Microsoft.Authorization/policyDefinitions","name":"88fc93e8-4745-4785-b5a5-b44bb92c44ff"},{"properties":{"displayName":"SQL
servers should be configured with auditing retention days greater than 90
days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit SQL servers
configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"},{"properties":{"displayName":"Microsoft
+ Managed Control 1411 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d","type":"Microsoft.Authorization/policyDefinitions","name":"898d4fe8-f743-4333-86b7-0c9245d93e7d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1092 - Security Awareness Training | Insider Threat","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305","type":"Microsoft.Authorization/policyDefinitions","name":"8a29d47b-8604-4667-84ef-90d203fcb305"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
System settings''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1588,19 +3350,60 @@ interactions:
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with a pending reboot. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1534 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9","type":"Microsoft.Authorization/policyDefinitions","name":"8b2b263e-cd05-4488-bcbf-4debec7a17d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1170 - Penetration Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12","type":"Microsoft.Authorization/policyDefinitions","name":"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Firewall Properties''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Require
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"},{"properties":{"displayName":"Microsoft
+ Managed Control 1458 - Physical Access Control | Information System Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203","type":"Microsoft.Authorization/policyDefinitions","name":"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203"},{"properties":{"displayName":"Microsoft
+ Managed Control 1683 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8","type":"Microsoft.Authorization/policyDefinitions","name":"8c79fee4-88dd-44ce-bbd4-4de88948c4f8"},{"properties":{"displayName":"Latest
+ TLS version should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1316 - Identifier Management | Identify User Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d","type":"Microsoft.Authorization/policyDefinitions","name":"8ce14753-66e5-465d-9841-26ef55c09c0d"},{"properties":{"displayName":"Require
tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- a required tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ a required tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]:
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1324 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee","type":"Microsoft.Authorization/policyDefinitions","name":"8cfea2b3-7f77-497e-ac20-0752f2ff6eee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1225 - Information System Component Inventory | Automated
+ Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b","type":"Microsoft.Authorization/policyDefinitions","name":"8d096fe0-f510-4486-8b4d-d17dc230980b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1288 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f","type":"Microsoft.Authorization/policyDefinitions","name":"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2","type":"Microsoft.Authorization/policyDefinitions","name":"8dc459b3-0e77-45af-8d71-cfd8c9654fe2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1250 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c","type":"Microsoft.Authorization/policyDefinitions","name":"8de614d8-a8b7-4f70-a62a-6d37089a002c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1629,7 +3432,22 @@ interactions:
Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1278 - Alternate Processing Site | Preparation For Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59","type":"Microsoft.Authorization/policyDefinitions","name":"8e5ef485-9e16-4c53-a475-fbb8107eac59"},{"properties":{"displayName":"Microsoft
+ Managed Control 1517 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9","type":"Microsoft.Authorization/policyDefinitions","name":"8f5ad423-50d6-4617-b058-69908f5586c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1668 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61","type":"Microsoft.Authorization/policyDefinitions","name":"8fb0966e-be1d-42c3-baca-60df5c0bcc61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1013 - Account Management | Automated System Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61","type":"Microsoft.Authorization/policyDefinitions","name":"8fd7b917-d83b-4379-af60-51e14e316c61"},{"properties":{"displayName":"Microsoft
+ Managed Control 1147 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541","type":"Microsoft.Authorization/policyDefinitions","name":"8fef824a-29a8-4a4c-88fc-420a39c0d541"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that do not store passwords using
reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1637,14 +3455,17 @@ interactions:
system-assigned managed identity and deploys the VM extension for Guest Configuration.
This policy should only be used along with its corresponding audit policy
in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]:
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1550 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9","type":"Microsoft.Authorization/policyDefinitions","name":"902908fb-25a8-4225-a3a5-5603c80066c9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Windows Firewall
Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1777,7 +3598,10 @@ interactions:
Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe","type":"Microsoft.Authorization/policyDefinitions","name":"90b60a09-133d-45bc-86ef-b206a6134bbe"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1792,26 +3616,47 @@ interactions:
of a module that should be installed by including a comma after the module
name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-61
80-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
- ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit
+ Trail","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316","type":"Microsoft.Authorization/policyDefinitions","name":"90d8b8ad-8ee3-4db7-913f-2a53fcff5316"},{"properties":{"displayName":"Microsoft
+ Managed Control 1355 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0","type":"Microsoft.Authorization/policyDefinitions","name":"90e01f69-3074-4de8-ade7-0fef3e7d83e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative
+ Source)","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b","type":"Microsoft.Authorization/policyDefinitions","name":"90f01329-a100-43c2-af31-098996135d2b"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Windows Components''. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"MFA
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"},{"properties":{"displayName":"Microsoft
+ Managed Control 1069 - Wireless Access | Authentication And Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb","type":"Microsoft.Authorization/policyDefinitions","name":"91c97b44-791e-46e9-bad7-ab7c4949edbb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection
+ / Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01","type":"Microsoft.Authorization/policyDefinitions","name":"924e1b2d-c502-478f-bfdb-a7e09a0d5c01"},{"properties":{"displayName":"MFA
should be enabled accounts with write permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1290 - Information System Backup","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82","type":"Microsoft.Authorization/policyDefinitions","name":"92f85ce9-17b7-49ea-85ee-ea7271ea6b82"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that contain certificates expiring within
the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1832,26 +3677,60 @@ interactions:
to include","description":"A semicolon-separated list of members that should
be included in the Administrators local group. Ex: Administrator; myUser1;
myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd
24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
- ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Allow
- resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Require
+ ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"},{"properties":{"displayName":"Microsoft
+ Managed Control 1575 - Acquisition Process | Functional Properties Of Security
+ Controls","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41","type":"Microsoft.Authorization/policyDefinitions","name":"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41"},{"properties":{"displayName":"Microsoft
+ Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002","type":"Microsoft.Authorization/policyDefinitions","name":"93e9e233-dd0a-4bde-aea5-1371bce0e002"},{"properties":{"displayName":"Microsoft
+ Managed Control 1297 - Information System Recovery And Reconstitution | Restore
+ Within Time Period","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439","type":"Microsoft.Authorization/policyDefinitions","name":"93fd8af1-c161-4bae-9ba9-f62731f76439"},{"properties":{"displayName":"Microsoft
+ Managed Control 1284 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b","type":"Microsoft.Authorization/policyDefinitions","name":"942b3e97-6ae3-410e-a794-c9c999b97c0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1379 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca","type":"Microsoft.Authorization/policyDefinitions","name":"9442dd2c-a07f-46cd-b55a-553b66ba47ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1371 - Incident Reporting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417","type":"Microsoft.Authorization/policyDefinitions","name":"9447f354-2c85-4700-93b3-ecdc6cb6a417"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1526 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9","type":"Microsoft.Authorization/policyDefinitions","name":"953e6261-a05a-44fd-8246-000e1a3edbb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1163 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c","type":"Microsoft.Authorization/policyDefinitions","name":"961663a1-8a91-4e59-b6f5-1eee57c0f49c"},{"properties":{"displayName":"Require
specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- existence of a tag on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Advanced
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"},{"properties":{"displayName":"Microsoft
+ Managed Control 1717 - Software, Firmware, And Information Integrity | Binary
+ Or Machine Executable Code","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef","type":"Microsoft.Authorization/policyDefinitions","name":"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef"},{"properties":{"displayName":"Advanced
data security settings for SQL server should contain an email address to receive
security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
that an email address is provided for the ''Send alerts to'' field in the
Advanced Data Security server settings. This email address receives alert
notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"},{"properties":{"displayName":"Microsoft
+ Managed Control 1453 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011","type":"Microsoft.Authorization/policyDefinitions","name":"9693b564-3008-42bc-9d5d-9c7fe198c011"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Adminstrative Templates
- MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1859,7 +3738,11 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Adminstrative Templates - MSS (Legacy)''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic
+ Code Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb","type":"Microsoft.Authorization/policyDefinitions","name":"976a74cf-b192-4d35-8cab-2068f272addb"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -1884,8 +3767,14 @@ interactions:
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Allow
- resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"},{"properties":{"displayName":"Microsoft
+ Managed Control 1136 - Audit Record Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c","type":"Microsoft.Authorization/policyDefinitions","name":"97ed5bac-a92f-4f6d-a8ed-dc094723597c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1378 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d","type":"Microsoft.Authorization/policyDefinitions","name":"97fceb70-6983-42d0-9331-18ad8253184d"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: Central US, East US, East
US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
@@ -1914,7 +3803,33 @@ interactions:
insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1076 - Use Of External Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4","type":"Microsoft.Authorization/policyDefinitions","name":"98a4bd5f-6436-46d4-ad00-930b5b1dfed4"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"},{"properties":{"displayName":"Microsoft
+ Managed Control 1102 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57","type":"Microsoft.Authorization/policyDefinitions","name":"9943c16a-c54c-4b4a-ad28-bfd938cdbf57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1300 - Identification And Authentication (Organizational Users)","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a","type":"Microsoft.Authorization/policyDefinitions","name":"99deec7d-5526-472e-b07c-3645a792026a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71","type":"Microsoft.Authorization/policyDefinitions","name":"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71"},{"properties":{"displayName":"FTPS
+ only should be required in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1021 - Account Management | Restrictions On Use Of Shared
+ / Group Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551","type":"Microsoft.Authorization/policyDefinitions","name":"9a3eb0a3-428d-4669-baff-20a14eb4b551"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Azure SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Azure SQL Database to stream to a regional Event
Hub on any Azure SQL Database which is missing this diagnostic settings is
@@ -1931,35 +3846,111 @@ interactions:
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1049 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c","type":"Microsoft.Authorization/policyDefinitions","name":"9adf7ba7-900a-4f35-8d57-9f34aafc405c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1563 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd","type":"Microsoft.Authorization/policyDefinitions","name":"9afe2edf-232c-4fdf-8e6a-e867a5c525fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1462 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02","type":"Microsoft.Authorization/policyDefinitions","name":"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02"},{"properties":{"displayName":"Microsoft
IaaSAntimalware extension should be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any Windows server VM without Microsoft IaaSAntimalware extension
deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"},{"properties":{"displayName":"Microsoft
+ Managed Control 1236 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57","type":"Microsoft.Authorization/policyDefinitions","name":"9ba3ed84-c768-4e18-b87c-34ef1aff1b57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1525 - Personnel Transfer","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66","type":"Microsoft.Authorization/policyDefinitions","name":"9be2f688-7a61-45e3-8230-e1ec93893f66"},{"properties":{"displayName":"[Deprecated]:
Audit API Applications that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Access
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"},{"properties":{"displayName":"Microsoft
+ Managed Control 1138 - Audit Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4","type":"Microsoft.Authorization/policyDefinitions","name":"9c284fc0-268a-4f29-af44-3c126674edb4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1135 - Non-Repudiation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04","type":"Microsoft.Authorization/policyDefinitions","name":"9c308b6b-2429-4b97-86cf-081b8e737b04"},{"properties":{"displayName":"Microsoft
+ Managed Control 1489 - Location Of Information System Components","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91","type":"Microsoft.Authorization/policyDefinitions","name":"9d0a794f-1444-4c96-9534-e35fc8c39c91"},{"properties":{"displayName":"Ensure
+ that ''Java version'' is the latest, if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1322 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4","type":"Microsoft.Authorization/policyDefinitions","name":"9d1d971e-467e-4278-9633-c74c3d4fecc4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1233 - Configuration Management Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57","type":"Microsoft.Authorization/policyDefinitions","name":"9d79001f-95fe-45d0-8736-f217e78c1f57"},{"properties":{"displayName":"Microsoft
+ Managed Control 1305 - Identification And Authentication (Org. Users) | Group
+ Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d","type":"Microsoft.Authorization/policyDefinitions","name":"9d9166a8-1722-4b8f-847c-2cf3f2618b3d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1259 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208","type":"Microsoft.Authorization/policyDefinitions","name":"9d9e18f7-bad9-4d30-8806-a0c9d5e26208"},{"properties":{"displayName":"Access
through Internet facing endpoint should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
Security center has identified some of your Network Security Groups'' inbound
rules to be too permissive. Inbound rules should not allow access from ''Any''
or ''Internet'' ranges. This can potentially enable attackers to easily target
your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Append
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1500 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92","type":"Microsoft.Authorization/policyDefinitions","name":"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92"},{"properties":{"displayName":"Microsoft
+ Managed Control 1482 - Temperature And Humidity Controls | Monitoring With
+ Alarms / Notifications","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b","type":"Microsoft.Authorization/policyDefinitions","name":"9df4277e-8c88-4d5c-9b1a-541d53d15d7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62","type":"Microsoft.Authorization/policyDefinitions","name":"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1490 - Security Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b","type":"Microsoft.Authorization/policyDefinitions","name":"9e61da80-0957-4892-b70c-609d5eaafb6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1504 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd","type":"Microsoft.Authorization/policyDefinitions","name":"9e7c35d0-12d4-4e0c-80a2-8a352537aefd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1609 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f","type":"Microsoft.Authorization/policyDefinitions","name":"9e93fa71-42ac-41a7-b177-efbfdc53c69f"},{"properties":{"displayName":"Append
tag and its value from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Appends
the specified tag with its value from the resource group when any resource
which is missing this tag is created or updated. Does not modify the tags
of resources created before this policy was applied until those resources
- are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ are changed. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Show
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1494 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09","type":"Microsoft.Authorization/policyDefinitions","name":"9ed09d84-3311-4853-8b67-2b55dfa33d09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1514 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7","type":"Microsoft.Authorization/policyDefinitions","name":"9ed5ca00-0e43-434e-a018-7aab91461ba7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1187 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85","type":"Microsoft.Authorization/policyDefinitions","name":"9f2b2f9e-4ba6-46c3-907f-66db138b6f85"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not set to the specified time zone.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"},{"properties":{"displayName":"Microsoft
+ Managed Control 1354 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796","type":"Microsoft.Authorization/policyDefinitions","name":"9fd92c17-163a-4511-bb96-bbb476449796"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs on which the Log Analytics agent is not
connected as expected","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -1967,14 +3958,22 @@ interactions:
auditing Windows virtual machines on which the Log Analytics agent is not
connected to the specified workspaces. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Allowed
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1145 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28","type":"Microsoft.Authorization/policyDefinitions","name":"a0724970-9c75-4a64-a225-a28002953f28"},{"properties":{"displayName":"Allowed
resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables you to specify the resource types that your organization can
deploy. Only resource types that support ''tags'' and ''location'' will be
affected by this policy. To restrict all resources please duplicate this policy
and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Security
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1245 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516","type":"Microsoft.Authorization/policyDefinitions","name":"a0e45314-57b8-4623-80cd-bbb561f59516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1406 - Maintenance Tools | Inspect Media","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa","type":"Microsoft.Authorization/policyDefinitions","name":"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa"},{"properties":{"displayName":"Security
Center standard pricing tier should be selected","policyType":"BuiltIn","mode":"All","description":"The
standard pricing tier enables threat detection for networks and virtual machines,
providing threat intelligence, anomaly detection, and behavior analytics in
@@ -1987,20 +3986,72 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Service
Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"[Preview]:
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Microsoft
+ Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972","type":"Microsoft.Authorization/policyDefinitions","name":"a18adb5b-1db6-4a5b-901a-7d3797d12972"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Administrative Templates
- System''","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Administrative
Templates - System''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Show
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/pol
icyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Microsoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"},{"properties":{"displayName":"Microsoft
+ Managed Control 1612 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5","type":"Microsoft.Authorization/policyDefinitions","name":"a2037b3d-8b04-4171-8610-e6d4f1d08db5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1197 - Configuration Change Control | Test / Validate / Document
+ Changes","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c","type":"Microsoft.Authorization/policyDefinitions","name":"a20d2eaa-88e2-4907-96a2-8f3a05797e5c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1275 - Alternate Processing Site | Separation From Primary
+ Site","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737","type":"Microsoft.Authorization/policyDefinitions","name":"a23d9d53-ad2e-45ef-afd5-e6d10900a737"},{"properties":{"displayName":"Microsoft
+ Managed Control 1690 - Information System Monitoring | System-Wide Intrusion
+ Detection System","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b","type":"Microsoft.Authorization/policyDefinitions","name":"a2567a23-d1c3-4783-99f3-d471302a4d6b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be","type":"Microsoft.Authorization/policyDefinitions","name":"a2596a9f-e59f-420d-9625-6e0b536348be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1059 - Remote Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4","type":"Microsoft.Authorization/policyDefinitions","name":"a29b5d9f-4953-4afe-b560-203a6410b6b4"},{"properties":{"displayName":"Show
audit results from Windows VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that are not joined to the specified domain.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Audit
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"},{"properties":{"displayName":"Microsoft
+ Managed Control 1532 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52","type":"Microsoft.Authorization/policyDefinitions","name":"a2c66299-9017-4d95-8040-8bdbf7901d52"},{"properties":{"displayName":"Microsoft
+ Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac","type":"Microsoft.Authorization/policyDefinitions","name":"a2cdf6b8-9505-4619-b579-309ba72037ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1252 - Contingency Plan | Capacity Planning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab","type":"Microsoft.Authorization/policyDefinitions","name":"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1238 - User-Installed Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1","type":"Microsoft.Authorization/policyDefinitions","name":"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1693 - Information System Monitoring | System-Generated Alerts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77","type":"Microsoft.Authorization/policyDefinitions","name":"a450eba6-2efc-4a00-846a-5804a93c6b77"},{"properties":{"displayName":"Audit
usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
roles, which are error prone. Using custom roles is treated as an exception
@@ -2009,28 +4060,63 @@ interactions:
Application should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Auditing
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1617 - Application Partitioning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3","type":"Microsoft.Authorization/policyDefinitions","name":"a631d8f5-eb81-4f9d-9ee1-74431371e4a3"},{"properties":{"displayName":"Auditing
should be enabled on advanced data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
tracks database events and writes them to an audit log in the Azure storage
account. It also helps to maintain regulatory compliance, understand database
activity, and gain insight into discrepancies and anomalies that could indicate
business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
- Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"DDoS
+ Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux virtual machines if the Log Analytics agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"},{"properties":{"displayName":"Microsoft
+ Managed Control 1431 - Media Storage","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4","type":"Microsoft.Authorization/policyDefinitions","name":"a7173c52-2b99-4696-a576-63dd5f970ef4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1644 - Cryptographic Key Establishment And Management | Availability","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147","type":"Microsoft.Authorization/policyDefinitions","name":"a7211477-c970-446b-b4af-062f37461147"},{"properties":{"displayName":"Microsoft
+ Managed Control 1027 - Access Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c","type":"Microsoft.Authorization/policyDefinitions","name":"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c"},{"properties":{"displayName":"DDoS
Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
protection standard should be enabled for all virtual networks with a subnet
that is part of an application gateway with a public IP.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Require
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1570 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a","type":"Microsoft.Authorization/policyDefinitions","name":"a7fcf38d-bb09-4600-be7d-825046eb162a"},{"properties":{"displayName":"Require
encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Deprecated]
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1295 - Information System Recovery And Reconstitution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9","type":"Microsoft.Authorization/policyDefinitions","name":"a895fbdb-204d-4302-9689-0a59dc42b3d9"},{"properties":{"displayName":"[Deprecated]
Monitor unencrypted SQL databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
SQL databases will be monitored by Azure Security Center as recommendations.
This policy is deprecated and replaced by the following policy: Transparent
Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Microsoft
+ Managed Control 1283 - Telecommunications Services | Separation Of Primary
+ / Alternate Providers","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491","type":"Microsoft.Authorization/policyDefinitions","name":"a9172e76-7f56-46e9-93bf-75d69bdb5491"},{"properties":{"displayName":"Microsoft
+ Managed Control 1400 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424","type":"Microsoft.Authorization/policyDefinitions","name":"a96d5098-a604-4cdf-90b1-ef6449a27424"},{"properties":{"displayName":"Microsoft
+ Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit
+ Repositories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e","type":"Microsoft.Authorization/policyDefinitions","name":"a96f743d-a195-420d-983a-08aa06bc441e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1199 - Configuration Change Control | Cryptography Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e","type":"Microsoft.Authorization/policyDefinitions","name":"a9a08d1c-09b1-48f1-90ea-029bbdf7111e"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2043,38 +4129,100 @@ interactions:
policy creates a network watcher resource in regions with virtual networks.
You need to ensure existence of a resource group named networkWatcherRG, which
will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"MFA
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1511 - Personnel Screening","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8","type":"Microsoft.Authorization/policyDefinitions","name":"a9eae324-d327-4539-9293-b48e122465f8"},{"properties":{"displayName":"MFA
should be enabled on accounts with owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Automatic
- provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1539 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0","type":"Microsoft.Authorization/policyDefinitions","name":"aabb155f-e7a5-4896-a767-e918bfae2ee0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1006 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8","type":"Microsoft.Authorization/policyDefinitions","name":"aae8d54c-4bce-4c04-b3aa-5b65b67caac8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1461 - Monitoring Physical Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064","type":"Microsoft.Authorization/policyDefinitions","name":"aafef03e-fea8-470b-88fa-54bd1fcd7064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1073 - Access Control For Mobile Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c","type":"Microsoft.Authorization/policyDefinitions","name":"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c"},{"properties":{"displayName":"Ensure
+ that ''PHP version'' is the latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"},{"properties":{"displayName":"[Deprecated]:
+ Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
security agent on VMs for advanced security alerts and preventions in Azure
Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Advanced
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1323 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc","type":"Microsoft.Authorization/policyDefinitions","name":"abe8f70b-680f-470c-9b86-a7edfb664ecc"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"},{"properties":{"displayName":"Advanced
data security should be enabled on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1056 - Session Termination | User-Initiated Logouts / Message
+ Displays","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d","type":"Microsoft.Authorization/policyDefinitions","name":"ac43352f-df83-4694-8738-cfce549fd08d"},{"properties":{"displayName":"[Preview]:
Role-Based Access Control (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
provide granular filtering on the actions that users can perform, use Role-Based
Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
and configure relevant authorization policies.","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"Allow
- resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Email
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1569 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34","type":"Microsoft.Authorization/policyDefinitions","name":"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34"},{"properties":{"displayName":"Microsoft
+ Managed Control 1454 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229","type":"Microsoft.Authorization/policyDefinitions","name":"ad58985d-ab32-4f99-8bd3-b7e134c90229"},{"properties":{"displayName":"Microsoft
+ Managed Control 1025 - Account Management | Account Monitoring / Atypical
+ Usage","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95","type":"Microsoft.Authorization/policyDefinitions","name":"adfe020d-0a97-45f4-a39c-696ef99f3a95"},{"properties":{"displayName":"Microsoft
+ Managed Control 1272 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8","type":"Microsoft.Authorization/policyDefinitions","name":"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8"},{"properties":{"displayName":"SQL
+ Server should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any SQL Server not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1598 - Developer Configuration Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3","type":"Microsoft.Authorization/policyDefinitions","name":"ae7e1f5e-2d63-4b38-91ef-bce14151cce3"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL managed
instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL managed instance advanced threat protection settings. This ensures
that any detections of anomalous activities on SQL managed instance are reported
as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Monitor
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1413 - Nonlocal Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d","type":"Microsoft.Authorization/policyDefinitions","name":"aeedddb6-6bc0-42d5-809b-80048033419d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1710 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e","type":"Microsoft.Authorization/policyDefinitions","name":"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e"},{"properties":{"displayName":"Monitor
missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
without an installed Endpoint Protection agent will be monitored by Azure
Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2084,22 +4232,50 @@ interactions:
Security Center as recommendations. This policy is deprecated and replaced
by the following policy: ''Auditing should be enabled on advanced data security
settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Activity
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric
+ Keys","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c","type":"Microsoft.Authorization/policyDefinitions","name":"afbd0baf-ff1a-4447-a86f-088a97347c0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1725 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc","type":"Microsoft.Authorization/policyDefinitions","name":"afc234b5-456b-4aa5-b3e2-ce89108124cc"},{"properties":{"displayName":"Activity
log should be retained for at least one year","policyType":"BuiltIn","mode":"All","description":"This
policy audits the activity log if the retention is not set for 365 days or
forever (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Just-In-Time
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1429 - Media Marking","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80","type":"Microsoft.Authorization/policyDefinitions","name":"b07c9b24-729e-4e85-95fc-f224d2d08a80"},{"properties":{"displayName":"Microsoft
+ Managed Control 1711 - Security Function Verification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde","type":"Microsoft.Authorization/policyDefinitions","name":"b083a535-a66a-41ec-ba7f-f9498bf67cde"},{"properties":{"displayName":"Just-In-Time
network access control should be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
network Just In Time (JIT) access will be monitored by Azure Security Center
as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1571 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905","type":"Microsoft.Authorization/policyDefinitions","name":"b11c985b-f2cd-4bd7-85f4-b52426edf905"},{"properties":{"displayName":"[Preview]:
Show audit results from Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"All","description":"This policy
should only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Linux
virtual machines that do not have the passwd file permissions set to 0644.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"All
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1537 - Risk Assessment Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1","type":"Microsoft.Authorization/policyDefinitions","name":"b19454ca-0d70-42c0-acf5-ea1c1e5726d1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1091 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d","type":"Microsoft.Authorization/policyDefinitions","name":"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1078 - Use Of External Information Systems | Limits On Authorized
+ Use","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Access Control control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d","type":"Microsoft.Authorization/policyDefinitions","name":"b25faf85-8a16-4f28-8e15-d05c0072d64d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1009 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a","type":"Microsoft.Authorization/policyDefinitions","name":"b26f8610-e615-47c2-abd6-c00b2b0b503a"},{"properties":{"displayName":"All
authorization rules except RootManageSharedAccessKey should be removed from
Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
Hub clients should not use a namespace level access policy that provides access
@@ -2107,7 +4283,13 @@ interactions:
security model, you shoud create access policies at the entity level for queues
and topics to provide access to only the specific entity","metadata":{"category":"Event
Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Deploy
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1234 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b","type":"Microsoft.Authorization/policyDefinitions","name":"b293f881-361c-47ed-b997-bc4e2296bc0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1107 - Content Of Audit Records","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904","type":"Microsoft.Authorization/policyDefinitions","name":"b29ed931-8e21-4779-8458-27916122a904"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows web servers that are not using secure communication
protocols","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows web servers that
@@ -2119,13 +4301,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
TLS version","description":"The minimum TLS protocol version that should be
enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecurePro
tocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
- ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
@@ -2134,14 +4316,29 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Logon-Logoff''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"},{"properties":{"displayName":"Microsoft
+ Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b","type":"Microsoft.Authorization/policyDefinitions","name":"b3d8d15b-627a-4219-8c96-4d16f788888b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1380 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827","type":"Microsoft.Authorization/policyDefinitions","name":"b4319b7e-ea8d-42ff-8a67-ccd462972827"},{"properties":{"displayName":"Diagnostic
logs in Search services should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"[Deprecated]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1172 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c","type":"Microsoft.Authorization/policyDefinitions","name":"b43e946e-a4c8-4b92-8201-4a39331db43c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1672 - Flaw Remediation | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301","type":"Microsoft.Authorization/policyDefinitions","name":"b45fe972-904e-45a4-ac20-673ba027a301"},{"properties":{"displayName":"Microsoft
+ Managed Control 1131 - Protection Of Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962","type":"Microsoft.Authorization/policyDefinitions","name":"b472a17e-c2bc-493f-b50b-42d55a346962"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for an API App","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
@@ -2150,7 +4347,10 @@ interactions:
security contact phone number should be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
a phone number to receive notifications when Azure Security Center detects
compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Service
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"},{"properties":{"displayName":"Microsoft
+ Managed Control 1286 - Telecommunications Services | Provider Contingency
+ Plan","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1","type":"Microsoft.Authorization/policyDefinitions","name":"b4f9b47a-2116-4e6f-88db-4edbf22753f1"},{"properties":{"displayName":"Service
Fabric clusters should only use Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
usage of client authentication only via Azure Active Directory in Service
Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2158,20 +4358,34 @@ interactions:
Advanced Threat Protection for Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"},{"properties":{"displayName":"Diagnostic
logs in App Services should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
enabling of diagnostic logs on the app. This enables you to recreate activity
trails for investigation purposes if a security incident occurs or your network
is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Network
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d","type":"Microsoft.Authorization/policyDefinitions","name":"b6747bf9-2b97-45b8-b162-3c8becb9937d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1301 - Identification And Authentication (Org. Users) | Network
+ Access To Privileged Accounts","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08"},{"properties":{"displayName":"Microsoft
+ Managed Control 1568 - Acquisition Process","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6","type":"Microsoft.Authorization/policyDefinitions","name":"b6a8eae8-9854-495a-ac82-d2cd3eac02a6"},{"properties":{"displayName":"Network
Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
Watcher is a regional service that enables you to monitor and diagnose conditions
at a network scenario level in, to, and from Azure. Scenario level monitoring
enables you to diagnose problems at an end to end network level view. Network
diagnostic and visualization tools available with Network Watcher help you
understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"API
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1608 - Supply Chain Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f","type":"Microsoft.Authorization/policyDefinitions","name":"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1401 - Controlled Maintenance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847","type":"Microsoft.Authorization/policyDefinitions","name":"b78ee928-e3c1-4569-ad97-9f8c4b629847"},{"properties":{"displayName":"API
App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2187,13 +4401,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
semicolon-separated list of all the expected members of the Administrators
local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b
24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
- ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Accounts''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -2201,7 +4415,37 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines with non-compliant settings in Group Policy category: ''Security
Options - Accounts''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"[Preview]:
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDef
initions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Logic Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"},{"properties":{"displayName":"Microsoft
+ Managed Control 1257 - Contingency Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543","type":"Microsoft.Authorization/policyDefinitions","name":"b958b241-4245-4bd6-bd2d-b8f0779fb543"},{"properties":{"displayName":"Microsoft
+ Managed Control 1186 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d","type":"Microsoft.Authorization/policyDefinitions","name":"b95ba3bd-4ded-49ea-9d10-c6f4b680813d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1447 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a","type":"Microsoft.Authorization/policyDefinitions","name":"b9783a99-98fe-4a95-873f-29613309fe9a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1625 - Boundary Protection | Access Points","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605","type":"Microsoft.Authorization/policyDefinitions","name":"b9b66a4d-70a1-4b47-8fa1-289cec68c605"},{"properties":{"displayName":"Microsoft
+ Managed Control 1610 - Development Process, Standards, And Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491","type":"Microsoft.Authorization/policyDefinitions","name":"b9f3fb54-4222-46a1-a308-4874061f8491"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2209,7 +4453,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Recovery console''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1606 - Developer Security Testing And Evaluation | Threat
+ And Vulnerability Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca","type":"Microsoft.Authorization/policyDefinitions","name":"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1726 - Information Handling And Retention","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4","type":"Microsoft.Authorization/policyDefinitions","name":"baff1279-05e0-4463-9a70-8ba5de4c7aa4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1166 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e","type":"Microsoft.Authorization/policyDefinitions","name":"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1188 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e","type":"Microsoft.Authorization/policyDefinitions","name":"bb20548a-c926-4e4d-855c-bcddc6faf95e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1533 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa","type":"Microsoft.Authorization/policyDefinitions","name":"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2258,7 +4518,14 @@ interactions:
the latest supported Python version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"},{"properties":{"displayName":"Microsoft
+ Managed Control 1194 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09","type":"Microsoft.Authorization/policyDefinitions","name":"bc34667f-397e-4a65-9b72-d0358f0b6b09"},{"properties":{"displayName":"Microsoft
+ Managed Control 1095 - Role-Based Security Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6","type":"Microsoft.Authorization/policyDefinitions","name":"bc3f6f7a-057b-433e-9834-e8c97b0194f6"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''System Audit Policies
- Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2266,7 +4533,16 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Account Logon''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"},{"properties":{"displayName":"Microsoft
+ Managed Control 1427 - Media Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31","type":"Microsoft.Authorization/policyDefinitions","name":"bc90e44f-d83f-4bdf-900f-3d5eb4111b31"},{"properties":{"displayName":"Microsoft
+ Managed Control 1351 - Incident Response Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd","type":"Microsoft.Authorization/policyDefinitions","name":"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1050 - Concurrent Session Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f","type":"Microsoft.Authorization/policyDefinitions","name":"bd20184c-b4ec-4ce5-8db6-6e86352d183f"},{"properties":{"displayName":"[Preview]:
IP Forwarding on your virtual machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
addressed to other destinations. IP forwarding is rarely required (e.g., when
@@ -2291,7 +4567,38 @@ interactions:
the latest supported Java version for the latest security classes. Using older
classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1360 - Incident Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e","type":"Microsoft.Authorization/policyDefinitions","name":"be5b05e7-0b82-4ebc-9eda-25e447b1a41e"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Key Vault to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1152 - System Interconnections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b","type":"Microsoft.Authorization/policyDefinitions","name":"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b"},{"properties":{"displayName":"Geo-redundant
+ storage should be enabled for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1590 - External Information System Services | Risk Assessments
+ / Organizational Approvals","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f","type":"Microsoft.Authorization/policyDefinitions","name":"bf296b8c-f391-4ea4-9198-be3c9d39dd1f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1446 - Physical And Environmental Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd","type":"Microsoft.Authorization/policyDefinitions","name":"bf6850fe-abba-468e-9ef4-d09ec7d983cd"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2312,8 +4619,42 @@ interactions:
policy governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Allow
- resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"},{"properties":{"displayName":"Microsoft
+ Managed Control 1124 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4","type":"Microsoft.Authorization/policyDefinitions","name":"c10152dd-78f8-4335-ae2d-ad92cc028da4"},{"properties":{"displayName":"Microsoft
+ Managed Control 1676 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b","type":"Microsoft.Authorization/policyDefinitions","name":"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1719 - Spam Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a","type":"Microsoft.Authorization/policyDefinitions","name":"c13da9b4-fe14-4fe2-853a-5997c9d4215a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1226 - Information System Component Inventory | Automated
+ Unauthorized Component Detection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c","type":"Microsoft.Authorization/policyDefinitions","name":"c158eb1c-ae7e-4081-8057-d527140c4e0c"},{"properties":{"displayName":"Deploy
+ associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1629 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2","type":"Microsoft.Authorization/policyDefinitions","name":"c171b095-7756-41de-8644-a062a96043f2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1004 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835","type":"Microsoft.Authorization/policyDefinitions","name":"c17822dc-736f-4eb4-a97d-e6be662ff835"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
resource creation in the following locations only: East Asia, Southeast Asia,
West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
@@ -2334,7 +4675,9 @@ interactions:
Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1503 - Information Security Architecture","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d","type":"Microsoft.Authorization/policyDefinitions","name":"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that are not set to the specified time
zone","policyType":"BuiltIn","mode":"Indexed","description":"This policy creates
a Guest Configuration assignment to audit Windows virtual machines that are
@@ -2395,13 +4738,13 @@ interactions:
Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"exi
stenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
- ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"},{"properties":{"displayName":"Show
audit results from Windows VMs on which the specified services are not installed
and ''Running''","policyType":"BuiltIn","mode":"All","description":"This policy
@@ -2409,7 +4752,24 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines on which the specified services are not installed and ''Running''.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"System
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"},{"properties":{"displayName":"Ensure
+ that ''.Net Framework'' version is the latest, if used as a part of the API
+ app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1176 - Baseline Configuration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd","type":"Microsoft.Authorization/policyDefinitions","name":"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1389 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062","type":"Microsoft.Authorization/policyDefinitions","name":"c39e6fda-ae70-4891-a739-be7bba6d1062"},{"properties":{"displayName":"Microsoft
+ Managed Control 1390 - Information Spillage Response | Responsible Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0","type":"Microsoft.Authorization/policyDefinitions","name":"c3b65b63-09ec-4cb5-8028-7dd324d10eb0"},{"properties":{"displayName":"System
updates on virtual machine scale sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
whether there are any missing system security updates and critical updates
that should be installed to ensure that your Windows and Linux virtual machine
@@ -2421,11 +4781,37 @@ interactions:
auditing Linux virtual machines that have accounts without passwords. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.
Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Microsoft
+ Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6","type":"Microsoft.Authorization/policyDefinitions","name":"c40f31a7-81e1-4130-99e5-a02ceea2a1d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1513 - Personnel Screening | Information With Special Protection
+ Measures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290","type":"Microsoft.Authorization/policyDefinitions","name":"c416970d-b12b-49eb-8af4-fb144cd7c290"},{"properties":{"displayName":"Microsoft
Antimalware for Azure should be configured to automatically update protection
signatures","policyType":"BuiltIn","mode":"Indexed","description":"This policy
audits any Windows virtual machine not configured with automatic update of
Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"},{"properties":{"displayName":"[Preview]:
+ Container Registry should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Container Registry not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"},{"properties":{"displayName":"Microsoft
+ Managed Control 1235 - Software Usage Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46","type":"Microsoft.Authorization/policyDefinitions","name":"c49c610b-ece4-44b3-988c-2172b70d6e46"},{"properties":{"displayName":"Microsoft
+ Managed Control 1173 - Internal System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5","type":"Microsoft.Authorization/policyDefinitions","name":"c4aff9e7-2e60-46fa-86be-506b79033fc5"},{"properties":{"displayName":"Managed
+ identity should be used in your API App","policyType":"BuiltIn","mode":"Indexed","description":"Use
+ a managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"},{"properties":{"displayName":"Microsoft
+ Managed Control 1600 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6","type":"Microsoft.Authorization/policyDefinitions","name":"c53f3123-d233-44a7-930b-f40d3bfeb7d6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2","type":"Microsoft.Authorization/policyDefinitions","name":"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that contain certificates expiring
within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2459,26 +4845,67 @@ interactions:
''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
- ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Email
+ ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1670 - Flaw Remediation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c","type":"Microsoft.Authorization/policyDefinitions","name":"c6108469-57ee-4666-af7e-79ba61c7ae0c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1190 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892","type":"Microsoft.Authorization/policyDefinitions","name":"c66a3d1e-465b-4f28-9da5-aef701b59892"},{"properties":{"displayName":"Microsoft
+ Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration
+ / Scanning And Monitoring Capabilities","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3","type":"Microsoft.Authorization/policyDefinitions","name":"c69b870e-857b-458b-af02-bb234f7a00d3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1125 - Audit Reduction And Report Generation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10","type":"Microsoft.Authorization/policyDefinitions","name":"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1619 - Information In Shared Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1","type":"Microsoft.Authorization/policyDefinitions","name":"c722e569-cb52-45f3-a643-836547d016e1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation
+ With Physical Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1","type":"Microsoft.Authorization/policyDefinitions","name":"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1"},{"properties":{"displayName":"Microsoft
+ Managed Control 1353 - Incident Response Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748","type":"Microsoft.Authorization/policyDefinitions","name":"c785ad59-f78f-44ad-9a7f-d1202318c748"},{"properties":{"displayName":"Email
notifications to admins and subscription owners should be enabled in SQL server
advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
that ''email notification to admins and subscription owners'' is enabled in
the SQL server advanced threat protection settings. This ensures that any
detections of anomalous activities on SQL server are reported as soon as possible
to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"},{"properties":{"displayName":"[Deprecated]:
API App should only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
of HTTPS ensures server/service authentication and protects data in transit
from network layer eavesdropping attacks.","metadata":{"category":"Security
Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1470 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef","type":"Microsoft.Authorization/policyDefinitions","name":"c89ba09f-2e0f-44d0-8095-65b05bd151ef"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2486,7 +4913,10 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Interactive Logon''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Diagnostic
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1018 - Account Management | Role-Based Schemes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f","type":"Microsoft.Authorization/policyDefinitions","name":"c9121abf-e698-4ee9-b1cf-71ee528ff07f"},{"properties":{"displayName":"Diagnostic
logs in Data Lake Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
@@ -2507,13 +4937,13 @@ interactions:
and deploys the VM extension for Guest Configuration. This policy should only
be used along with its corresponding audit policy in an initiative. For more
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
policy automatically deploys diagnostic settings to network security groups.
@@ -2535,11 +4965,30 @@ interactions:
service work as intended, allow the set of trusted Microsoft services to bypass
the network rules. These services will then use strong authentication to access
the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Remote
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1035 - Least Privilege | Authorize Access To Security Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516","type":"Microsoft.Authorization/policyDefinitions","name":"ca94b046-45e2-444f-a862-dc8ce262a516"},{"properties":{"displayName":"Microsoft
+ Managed Control 1243 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec","type":"Microsoft.Authorization/policyDefinitions","name":"ca9a4469-d6df-4ab2-a42f-1213c396f0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1306 - Identification And Authentication (Org. Users) | Net.
+ Access To Priv. Accts. - Replay","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff","type":"Microsoft.Authorization/policyDefinitions","name":"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff"},{"properties":{"displayName":"Remote
debugging should be turned off for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on a web application. Remote
debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1486 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5","type":"Microsoft.Authorization/policyDefinitions","name":"cb790345-a51f-43de-934e-98dbfaf9dca5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1167 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300","type":"Microsoft.Authorization/policyDefinitions","name":"cbb2be76-4891-430b-95a7-ca0b0a3d1300"},{"properties":{"displayName":"Microsoft
+ Managed Control 1374 - Incident Response Assistance","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249","type":"Microsoft.Authorization/policyDefinitions","name":"cc5c8616-52ef-4e5e-8000-491634ed9249"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2558,15 +5007,31 @@ interactions:
policy enables you to specify a set of virtual machine SKUs that your organization
can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Allow
- resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]:
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1443 - Media Use","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed","type":"Microsoft.Authorization/policyDefinitions","name":"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed"},{"properties":{"displayName":"Inherit
+ a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value from the parent resource group when
+ any resource is created or updated. Existing resources can be remediated by
+ triggering a remediation task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"Microsoft
+ Managed Control 1582 - Information System Documentation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5","type":"Microsoft.Authorization/policyDefinitions","name":"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines that allow re-use of the previous 24 passwords.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Microsoft
+ Managed Control 1104 - Audit Events","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f","type":"Microsoft.Authorization/policyDefinitions","name":"cdd8d244-18b2-4306-a1d1-df175ae0935f"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2577,14 +5042,45 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Diagnostic
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1209 - Configuration Settings","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d","type":"Microsoft.Authorization/policyDefinitions","name":"ce669c31-9103-4552-ae9c-cdef4e03580d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1242 - Contingency Planning Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958","type":"Microsoft.Authorization/policyDefinitions","name":"cf3b3293-667a-445e-a722-fa0b0afc0958"},{"properties":{"displayName":"Microsoft
+ Managed Control 1097 - Role-Based Security Training | Suspicious Communications
+ And Anomalous System Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0","type":"Microsoft.Authorization/policyDefinitions","name":"cf3e4836-f19e-47eb-a8cd-c3ca150452c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate
+ Access","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283","type":"Microsoft.Authorization/policyDefinitions","name":"cf55fc87-48e1-4676-a2f8-d9a8cf993283"},{"properties":{"displayName":"Diagnostic
logs in Key Vault should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Enforce
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Microsoft
+ Managed Control 1292 - Information System Backup | Test Restoration Using
+ Sampling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836","type":"Microsoft.Authorization/policyDefinitions","name":"d03516cf-0293-489f-9b32-a18f2a79f836"},{"properties":{"displayName":"Microsoft
+ Managed Control 1724 - Error Handling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6","type":"Microsoft.Authorization/policyDefinitions","name":"d07594d1-0307-4c08-94db-5d71ff31f0f6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1084 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c","type":"Microsoft.Authorization/policyDefinitions","name":"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c"},{"properties":{"displayName":"Add
+ or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ or replaces the specified tag and value when any resource group is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","type":"Microsoft.Authorization/policyDefinitions","name":"d157c373-a6c4-483d-aaad-570756956268"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any PostgreSQL server that is not enforcing SSL connection.
Azure Database for PostgreSQL prefers connecting your client applications
@@ -2592,11 +5088,30 @@ interactions:
connections between your database server and your client applications helps
protect against ''man-in-the-middle'' attacks by encrypting the data stream
between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"[Deprecated]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"},{"properties":{"displayName":"Microsoft
+ Managed Control 1620 - Denial Of Service Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c","type":"Microsoft.Authorization/policyDefinitions","name":"d17c826b-1dec-43e1-a984-7b71c446649c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6","type":"Microsoft.Authorization/policyDefinitions","name":"d1880188-e51a-4772-b2ab-68f5e8bd27f6"},{"properties":{"displayName":"[Deprecated]:
Audit Function Apps that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a Function app from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1195 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2","type":"Microsoft.Authorization/policyDefinitions","name":"d1e1d65c-1013-4484-bd54-991332e6a0d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1721 - Spam Protection | Central Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a","type":"Microsoft.Authorization/policyDefinitions","name":"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1106 - Audit Events | Reviews And Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8","type":"Microsoft.Authorization/policyDefinitions","name":"d2b4feae-61ab-423f-a4c5-0e38ac4464d8"},{"properties":{"displayName":"Microsoft
+ Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation
+ Of Information Flows","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1","type":"Microsoft.Authorization/policyDefinitions","name":"d3531453-b869-4606-9122-29c1cd6e7ed1"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs on which the DSC configuration is
not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows VMs on which
@@ -2606,21 +5121,127 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Show
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"},{"properties":{"displayName":"Long-term
+ geo-redundant backup should be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"},{"properties":{"displayName":"Microsoft
+ Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic
+ Or Alternate Physical Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24","type":"Microsoft.Authorization/policyDefinitions","name":"d39d4f68-7346-4133-8841-15318a714a24"},{"properties":{"displayName":"Microsoft
+ Managed Control 1249 - Contingency Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2","type":"Microsoft.Authorization/policyDefinitions","name":"d3bf4251-0818-42db-950b-afd5b25a51c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1562 - Allocation Of Resources","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef","type":"Microsoft.Authorization/policyDefinitions","name":"d4142013-7964-4163-a313-a900301c2cef"},{"properties":{"displayName":"Virtual
+ machines should be connected to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual machine connected to a virtual network that is not
+ approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1383 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9","type":"Microsoft.Authorization/policyDefinitions","name":"d4558451-e16a-4d2d-a066-fe12a6282bb9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1112 - Response To Audit Processing Failures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0","type":"Microsoft.Authorization/policyDefinitions","name":"d530aad8-4ee2-45f4-b234-c061dae683c0"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"},{"properties":{"displayName":"Microsoft
+ Managed Control 1585 - Security Engineering Principles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55","type":"Microsoft.Authorization/policyDefinitions","name":"d57f8732-5cdc-4cda-8d27-ab148e1f3a55"},{"properties":{"displayName":"Microsoft
+ Managed Control 1667 - System And Information Integrity Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220","type":"Microsoft.Authorization/policyDefinitions","name":"d61880dc-6e38-4f2a-a30c-3406a98f8220"},{"properties":{"displayName":"Microsoft
+ Managed Control 1150 - Security Assessments | External Organizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb","type":"Microsoft.Authorization/policyDefinitions","name":"d630429d-e763-40b1-8fba-d20ba7314afb"},{"properties":{"displayName":"Event
+ Hub should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Event Hub not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1549 - Vulnerability Scanning","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a","type":"Microsoft.Authorization/policyDefinitions","name":"d6976a08-d969-4df2-bb38-29556c2eb48a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1473 - Emergency Power","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71","type":"Microsoft.Authorization/policyDefinitions","name":"d7047705-d719-46a7-8bb0-76ad233eba71"},{"properties":{"displayName":"Microsoft
+ Managed Control 1529 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c","type":"Microsoft.Authorization/policyDefinitions","name":"d74fdc92-1cb8-4a34-9978-8556425cd14c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1350 - Identification And Authentication (Non-Org. Users)
+ | Use Of FICAM-Issued Profiles","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4","type":"Microsoft.Authorization/policyDefinitions","name":"d77fd943-6ba6-4a21-ba07-22b03e347cc4"},{"properties":{"displayName":"Show
audit results from Windows Server VMs on which Windows Serial Console is not
enabled","policyType":"BuiltIn","mode":"All","description":"This policy should
only be used along with its corresponding deploy policy in an initiative.
This definition allows Azure Policy to process the results of auditing Windows
Server virtual machines on which Windows Serial Console is not enabled. For
more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"[Deprecated]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1016 - Account Management | Automated Audit Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238","type":"Microsoft.Authorization/policyDefinitions","name":"d8b43277-512e-40c3-ab00-14b3b6e72238"},{"properties":{"displayName":"Microsoft
+ Managed Control 1488 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2","type":"Microsoft.Authorization/policyDefinitions","name":"d8ef30eb-a44f-47af-8524-ac19a36d41d2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f","type":"Microsoft.Authorization/policyDefinitions","name":"d922484a-8cfc-4a6b-95a4-77d6a685407f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1271 - Alternate Storage Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada","type":"Microsoft.Authorization/policyDefinitions","name":"da3bfb53-9c46-4010-b3db-a7ba1296dada"},{"properties":{"displayName":"Microsoft
+ Managed Control 1516 - Personnel Termination","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed","type":"Microsoft.Authorization/policyDefinitions","name":"da3cd269-156f-435b-b472-c3af34c032ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Batch Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1277 - Alternate Processing Site | Priority Of Service","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa","type":"Microsoft.Authorization/policyDefinitions","name":"dc43e829-3d50-4a0a-aa0f-428d551862aa"},{"properties":{"displayName":"Microsoft
+ Managed Control 1439 - Media Sanitization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45","type":"Microsoft.Authorization/policyDefinitions","name":"dce72873-c5f1-47c3-9b4f-6b8207fd5a45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1264 - Contingency Plan Testing | Coordinate With Related
+ Plans","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Contingency Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19","type":"Microsoft.Authorization/policyDefinitions","name":"dd280d4b-50a1-42fb-a479-ece5878acf19"},{"properties":{"displayName":"[Deprecated]:
Audit Web Applications that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
of custom domains protects a web application from common attacks such as phishing
and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
@@ -2632,7 +5253,23 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''System Audit Policies - Policy Change''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"},{"properties":{"displayName":"Microsoft
+ Managed Control 1715 - Software, Firmware, And Information Integrity | Automated
+ Response To Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339","type":"Microsoft.Authorization/policyDefinitions","name":"dd469ae0-71a8-4adc-aafc-de6949ca3339"},{"properties":{"displayName":"Microsoft
+ Managed Control 1678 - Malicious Code Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7","type":"Microsoft.Authorization/policyDefinitions","name":"dd533cb0-b416-4be7-8e86-4d154824dfd7"},{"properties":{"displayName":"Microsoft
+ Managed Control 1391 - Information Spillage Response | Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47","type":"Microsoft.Authorization/policyDefinitions","name":"dd6ac1a1-660e-4810-baa8-74e868e2ed47"},{"properties":{"displayName":"Microsoft
+ Managed Control 1146 - Security Assessments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac","type":"Microsoft.Authorization/policyDefinitions","name":"dd83410c-ecb6-4547-8f14-748c3cbdc7ac"},{"properties":{"displayName":"Microsoft
+ Managed Control 1602 - Developer Security Testing And Evaluation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9","type":"Microsoft.Authorization/policyDefinitions","name":"ddae2e97-a449-499f-a1c8-aea4a7e52ec9"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Settings
- Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2657,9 +5294,26 @@ interactions:
''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Allow
- resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1689 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172","type":"Microsoft.Authorization/policyDefinitions","name":"de901f2f-a01a-4456-97f0-33cda7966172"},{"properties":{"displayName":"Microsoft
+ Managed Control 1528 - Access Agreements","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6","type":"Microsoft.Authorization/policyDefinitions","name":"deb9797c-22f8-40e8-b342-a84003c924e6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844","type":"Microsoft.Authorization/policyDefinitions","name":"dff0b90d-5a6f-491c-b2f8-b90aa402d844"},{"properties":{"displayName":"[Deprecated]:
+ Allow resource creation only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"Cosmos
+ DB should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Cosmos DB not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1206 - Access Restrictions For Change | Limit Production /
+ Operational Privileges","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91","type":"Microsoft.Authorization/policyDefinitions","name":"e0de232d-02a0-4652-872d-88afb4ae5e91"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that do not have the specified Windows
PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2670,18 +5324,43 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
- ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Vulnerabilities
+ ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"},{"properties":{"displayName":"Microsoft
+ Managed Control 1714 - Software, Firmware, And Information Integrity | Automated
+ Notifications Of Integrity Violations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec","type":"Microsoft.Authorization/policyDefinitions","name":"e12494fa-b81e-4080-af71-7dbacc2da0ec"},{"properties":{"displayName":"Microsoft
+ Managed Control 1686 - Information System Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5","type":"Microsoft.Authorization/policyDefinitions","name":"e17085c5-0be8-4423-b39b-a52d3d1402e5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1722 - Spam Protection | Automatic Updates","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff","type":"Microsoft.Authorization/policyDefinitions","name":"e1da06bd-25b6-4127-a301-c313d6873fff"},{"properties":{"displayName":"Vulnerabilities
in security configuration on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
which do not satisfy the configured baseline will be monitored by Azure Security
Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"Microsoft
+ Managed Control 1047 - System Use Notification","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62","type":"Microsoft.Authorization/policyDefinitions","name":"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62"},{"properties":{"displayName":"Microsoft
+ Managed Control 1276 - Alternate Processing Site | Accessibility","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571","type":"Microsoft.Authorization/policyDefinitions","name":"e214e563-1206-4a43-a56b-ac5880c9c571"},{"properties":{"displayName":"Microsoft
+ Managed Control 1560 - System And Services Acquisition Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763","type":"Microsoft.Authorization/policyDefinitions","name":"e29e0915-5c2f-4d09-8806-048b749ad763"},{"properties":{"displayName":"Ensure
+ that ''HTTP Version'' is the latest, if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"},{"properties":{"displayName":"[Preview]:
Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMSS as non-compliant if the VM Image (OS) is not in the list defined and
the agent is not installed. The list of OS images will be updated over time
@@ -2689,7 +5368,19 @@ interactions:
List of VM images that have supported Windows OS to add to scope","description":"Example
value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"MFA
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"Microsoft
+ Managed Control 1161 - Continuous Monitoring","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a","type":"Microsoft.Authorization/policyDefinitions","name":"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1387 - Information Spillage Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c","type":"Microsoft.Authorization/policyDefinitions","name":"e3007185-3857-43a9-8237-06ca94f1084c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1479 - Fire Protection | Automatic Fire Suppression","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26","type":"Microsoft.Authorization/policyDefinitions","name":"e327b072-281d-4f75-9c28-4216e5d72f26"},{"properties":{"displayName":"Azure
+ VPN gateways should not use ''basic'' SKU","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"},{"properties":{"displayName":"MFA
should be enabled on accounts with read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
Authentication (MFA) should be enabled for all subscription accounts with
read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
@@ -2737,7 +5428,13 @@ interactions:
password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"[Preview]:
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1451 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65","type":"Microsoft.Authorization/policyDefinitions","name":"e3f1e5a3-25c1-4476-8cb6-3955031f8e65"},{"properties":{"displayName":"Microsoft
+ Managed Control 1357 - Incident Response Training | Automated Training Environments","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105","type":"Microsoft.Authorization/policyDefinitions","name":"e4213689-05e8-4241-9d4e-8dd1cdafd105"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2769,14 +5466,36 @@ interactions:
Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Allowed
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1340 - Authenticator Management | No Embedded Unencrypted
+ Static Authenticators","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6","type":"Microsoft.Authorization/policyDefinitions","name":"e51ff84b-e5ea-408f-b651-2ecc2933e4c6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1381 - Incident Response Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab","type":"Microsoft.Authorization/policyDefinitions","name":"e5368258-9684-4567-8126-269f34e65eab"},{"properties":{"displayName":"Microsoft
+ Managed Control 1421 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6","type":"Microsoft.Authorization/policyDefinitions","name":"e539caaa-da8c-41b8-9e1e-449851e2f7a6"},{"properties":{"displayName":"Microsoft
+ Managed Control 1716 - Software, Firmware, And Information Integrity | Integration
+ Of Detection And Response","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f","type":"Microsoft.Authorization/policyDefinitions","name":"e54c325e-42a0-4dcf-b105-046e0f6f590f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1023 - Account Management | Usage Conditions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5","type":"Microsoft.Authorization/policyDefinitions","name":"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5"},{"properties":{"displayName":"Allowed
locations","policyType":"BuiltIn","mode":"Indexed","description":"This policy
enables you to restrict the locations your organization can specify when deploying
resources. Use to enforce your geo-compliance requirements. Excludes resource
groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that
use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"[Preview]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1296 - Information System Recovery And Reconstitution | Transaction
+ Recovery","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48","type":"Microsoft.Authorization/policyDefinitions","name":"e57b98a0-a011-4956-a79d-5d17ed8b8e48"},{"properties":{"displayName":"Microsoft
+ Managed Control 1499 - Rules Of Behavior","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e","type":"Microsoft.Authorization/policyDefinitions","name":"e59671ab-9720-4ee2-9c60-170e8c82251e"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2796,29 +5515,49 @@ interactions:
the latest supported Node.js version for the latest security classes. Using
older classes and types can make your application vulnerable.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Subnets
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"},{"properties":{"displayName":"Microsoft
+ Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access
+ To Information Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640","type":"Microsoft.Authorization/policyDefinitions","name":"e6e41554-86b5-4537-9f7f-4fc41a1d1640"},{"properties":{"displayName":"Subnets
should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your subnet from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your subnet.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Advanced
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"},{"properties":{"displayName":"Microsoft
+ Managed Control 1567 - System Development Life Cycle","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3","type":"Microsoft.Authorization/policyDefinitions","name":"e72edbf6-aa61-436d-a227-0f32b77194b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1311 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6","type":"Microsoft.Authorization/policyDefinitions","name":"e7568697-0c9e-4ea3-9cec-9e567d14f3c6"},{"properties":{"displayName":"Advanced
Threat Protection types should be set to ''All'' in SQL server Advanced Data
Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
is recommended to enable all Advanced Threat Protection types on your SQL
servers. Enabling all types protects against SQL injection, database vulnerabilities,
and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Allowed
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"},{"properties":{"displayName":"Microsoft
+ Managed Control 1154 - System Interconnections | Unclassified Non-National
+ Security System Connections","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a","type":"Microsoft.Authorization/policyDefinitions","name":"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a"},{"properties":{"displayName":"Allowed
locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
policy enables you to restrict the locations your organization can create
resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Deprecated]:
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"Microsoft
+ Managed Control 1273 - Alternate Processing Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65","type":"Microsoft.Authorization/policyDefinitions","name":"e77fcbf2-a1e8-44f1-860e-ed6583761e65"},{"properties":{"displayName":"[Deprecated]:
Audit Web Sockets state for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
Web Sockets protocol is vulnerable to different types of security threats.
Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Enforce
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1169 - Continuous Monitoring | Trend Analyses","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5","type":"Microsoft.Authorization/policyDefinitions","name":"e7ba2cb3-5675-4468-8b50-8486bdd998a5"},{"properties":{"displayName":"Enforce
SSL connection should be enabled for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy audits any MySQL server that is not enforcing SSL connection. Azure
Database for MySQL supports connecting your Azure Database for MySQL server
@@ -2826,16 +5565,97 @@ interactions:
between your database server and your client applications helps protect against
''man in the middle'' attacks by encrypting the data stream between the server
and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Vulnerabilities
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1237 - Software Usage Restrictions | Open Source Software","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890","type":"Microsoft.Authorization/policyDefinitions","name":"e80b6812-0bfa-4383-8223-cdd86a46a890"},{"properties":{"displayName":"Vulnerabilities
in container security configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
vulnerabilities in security configuration on machines with Docker installed
and display as recommendations in Azure Security Center.","metadata":{"category":"Security
Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Remote
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Data Lake Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1626 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341","type":"Microsoft.Authorization/policyDefinitions","name":"e8f6bddd-6d67-439a-88d4-c5fe39a79341"},{"properties":{"displayName":"Microsoft
+ Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63","type":"Microsoft.Authorization/policyDefinitions","name":"e901375c-8f01-4ac8-9183-d5312f47fe63"},{"properties":{"displayName":"Microsoft
+ Managed Control 1723 - Information Input Validation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f","type":"Microsoft.Authorization/policyDefinitions","name":"e91927a0-ac1d-44a0-95f8-5185f9dfce9f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1200 - Security Impact Analysis","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff","type":"Microsoft.Authorization/policyDefinitions","name":"e98fe9d7-2ed3-44f8-93b7-24dca69783ff"},{"properties":{"displayName":"Microsoft
+ Managed Control 1487 - Alternate Work Site","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571","type":"Microsoft.Authorization/policyDefinitions","name":"e9c3371d-c30c-4f58-abd9-30b8a8199571"},{"properties":{"displayName":"Remote
debugging should be turned off for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
debugging requires inbound ports to be opened on an API apps. Remote debugging
should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Deprecated
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1363 - Incident Handling | Automated Incident Handling Processes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd","type":"Microsoft.Authorization/policyDefinitions","name":"ea3e8156-89a1-45b1-8bd6-938abc79fdfd"},{"properties":{"displayName":"Inherit
+ a tag from the resource group if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag with its value from the parent resource group when any resource
+ missing this tag is created or updated. Existing resources can be remediated
+ by triggering a remediation task. If the tag exists with a different value
+ it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070","type":"Microsoft.Authorization/policyDefinitions","name":"ea3f2387-9b95-492a-a190-fcdc54f7b070"},{"properties":{"displayName":"Key
+ Vault should use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Key Vault not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1422 - Maintenance Personnel","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11","type":"Microsoft.Authorization/policyDefinitions","name":"ea556850-838d-4a37-8ce5-9d7642f95e11"},{"properties":{"displayName":"Microsoft
+ Managed Control 1542 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d","type":"Microsoft.Authorization/policyDefinitions","name":"eab340d0-3d55-4826-a0e5-feebfeb0131d"},{"properties":{"displayName":"Ensure
+ Function app has ''Client Certificates (Incoming client certificates)'' set
+ to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client certificates
+ allow for the app to request a certificate for incoming requests. Only clients
+ that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1064 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb","type":"Microsoft.Authorization/policyDefinitions","name":"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1321 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37","type":"Microsoft.Authorization/policyDefinitions","name":"eb627cc6-3a9d-46b5-96b7-5fca49178a37"},{"properties":{"displayName":"Log
+ checkpoints should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_checkpoints
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_checkpoints","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d"},{"properties":{"displayName":"Log
+ connections should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_connections
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_connections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442"},{"properties":{"displayName":"Disconnections
+ should be logged for PostgreSQL database servers.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_disconnections
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_disconnections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446"},{"properties":{"displayName":"Log
+ duration should be enabled for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_duration
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_duration","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3"},{"properties":{"displayName":"Deprecated
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
accounts with owner permissions should be removed from your subscription. Deprecated
accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
@@ -2849,13 +5669,13 @@ interactions:
Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Administrative
Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -2867,7 +5687,13 @@ interactions:
information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{
"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Deploy
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3","type":"Microsoft.Authorization/policyDefinitions","name":"eca4d7b2-65e2-4e04-95d4-c68606b063c3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1622 - Boundary Protection","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed","type":"Microsoft.Authorization/policyDefinitions","name":"ecf56554-164d-499a-8d00-206b07c27bed"},{"properties":{"displayName":"Deploy
Diagnostic Settings for Key Vault to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
the diagnostic settings for Key Vault to stream to a regional Event Hub when
any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
@@ -2883,12 +5709,78 @@ interactions:
logs","description":"Whether to enable logs stream to the Event Hub - True
or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Vulnerability
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1217 - Least Functionality | Periodic Review","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed","type":"Microsoft.Authorization/policyDefinitions","name":"edea4f20-b02c-4115-be75-86c080e5c0ed"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Stream Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"},{"properties":{"displayName":"Microsoft
+ Managed Control 1189 - Configuration Change Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d","type":"Microsoft.Authorization/policyDefinitions","name":"ee45e02a-4140-416c-82c4-fecfea660b9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1089 - Security Awareness Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Awareness and Training control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e","type":"Microsoft.Authorization/policyDefinitions","name":"ef080e67-0d1a-4f76-a0c5-fb9b0358485e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1314 - Identifier Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295","type":"Microsoft.Authorization/policyDefinitions","name":"ef0c8530-efd9-45b8-b753-f03083d06295"},{"properties":{"displayName":"Microsoft
+ Managed Control 1128 - Time Stamps","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393","type":"Microsoft.Authorization/policyDefinitions","name":"ef212163-3bc4-4e86-bcf8-705127086393"},{"properties":{"displayName":"Vulnerability
assessment should be enabled on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
Azure SQL servers which do not have recurring vulnerability assessment scans
enabled. Vulnerability assessment can discover, track, and help you remediate
potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"},{"properties":{"displayName":"Deploy
+ Diagnostic Settings for Event Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1472 - Emergency Shutoff","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8","type":"Microsoft.Authorization/policyDefinitions","name":"ef869332-921d-4c28-9402-3be73e6e50c8"},{"properties":{"displayName":"The
+ Log Analytics agent should be installed on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
+ agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"},{"properties":{"displayName":"Microsoft
+ Managed Control 1012 - Account Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738","type":"Microsoft.Authorization/policyDefinitions","name":"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738"},{"properties":{"displayName":"Microsoft
+ Managed Control 1358 - Incident Response Testing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Incident Response control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7","type":"Microsoft.Authorization/policyDefinitions","name":"effbaeef-5bf4-400d-895e-ef8cbc0e64c7"},{"properties":{"displayName":"Ensure
+ that Register with Azure Active Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"},{"properties":{"displayName":"Deploy
prerequisites to audit Windows VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
that have the specified applications installed. It also creates a system-assigned
@@ -2900,14 +5792,30 @@ interactions:
names of the applications that should not be installed. e.g. ''Microsoft SQL
Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.auth
orization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
- ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"[Preview]:
+ ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"},{"properties":{"displayName":"Microsoft
+ Managed Control 1531 - Third-Party Personnel Security","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236","type":"Microsoft.Authorization/policyDefinitions","name":"f0643e0c-eee5-4113-8684-c608d05c5236"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1028 - Information Flow Enforcement","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475","type":"Microsoft.Authorization/policyDefinitions","name":"f171df5c-921b-41e9-b12b-50801c315475"},{"properties":{"displayName":"Virtual
+ networks should use specified virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual network if the default route does not point to the
+ specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"virtualNetworkGatewayId":{"type":"String","metadata":{"displayName":"Virtual
+ network gateway Id","description":"Resource Id of the virtual network gateway.
+ Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Network/virtualNetworks/subnets","name":"GatewaySubnet","existenceCondition":{"not":{"field":"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id","notContains":"[concat(parameters(''virtualNetworkGatewayId''),
+ ''/'')]"}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","type":"Microsoft.Authorization/policyDefinitions","name":"f1776c76-f58c-4245-a8d0-2b207198dc8b"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions
set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Linux virtual machines that
@@ -2915,13 +5823,13 @@ interactions:
managed identity and deploys the VM extension for Guest Configuration. This
policy should only be used along with its corresponding audit policy in an
initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-
os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Adminstrative
Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
@@ -2933,7 +5841,24 @@ interactions:
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"val
ue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Show
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"},{"properties":{"displayName":"Microsoft
+ Managed Control 1701 - Information System Monitoring | Host-Based Devices","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426","type":"Microsoft.Authorization/policyDefinitions","name":"f25bc08f-27cb-43b6-9a23-014d00700426"},{"properties":{"displayName":"Microsoft
+ Managed Control 1457 - Physical Access Control","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305","type":"Microsoft.Authorization/policyDefinitions","name":"f2d9d3e6-8886-4305-865d-639163e5c305"},{"properties":{"displayName":"Microsoft
+ Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance
+ Of Piv Credentials","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000","type":"Microsoft.Authorization/policyDefinitions","name":"f355d62b-39a8-4ba3-abf7-90f71cb3b000"},{"properties":{"displayName":"Microsoft
+ Managed Control 1615 - System And Communications Protection Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0","type":"Microsoft.Authorization/policyDefinitions","name":"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0"},{"properties":{"displayName":"Microsoft
+ Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business
+ Functions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0","type":"Microsoft.Authorization/policyDefinitions","name":"f3793f5e-937f-44f7-bfba-40647ef3efa0"},{"properties":{"displayName":"Show
audit results from Windows VMs in which the Administrators group does not
contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -2949,7 +5874,10 @@ interactions:
VMs that do not contain the specified certificates in the Trusted Root Certification
Authorities certificate store (Cert:\\LocalMachine\\Root). For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1706 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404","type":"Microsoft.Authorization/policyDefinitions","name":"f475ee0e-f560-4c9b-876b-04a77460a404"},{"properties":{"displayName":"[Preview]:
Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
VMs as non-compliant if they not logging to the LA workspace specified in
the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
@@ -2966,7 +5894,9 @@ interactions:
This definition allows Azure Policy to process the results of auditing Windows
virtual machines that do not have the password complexity setting enabled.
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"[Preview]:
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complian
ceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1495 - System Security Plan","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Planning control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d","type":"Microsoft.Authorization/policyDefinitions","name":"f4978d0e-a596-48e7-9f8c-bbf52554ce8d"},{"properties":{"displayName":"[Preview]:
Deploy prerequisites to audit Windows VMs that have not restarted within the
specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -2978,13 +5908,13 @@ interactions:
Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
of days","description":"The number of days without restart until the machine
is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988a
c-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
- ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"},{"properties":{"displayName":"Deploy
Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
policy ensures that Auditing is enabled on SQL Servers for enhanced security
@@ -3001,7 +5931,13 @@ interactions:
0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]:
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"Microsoft
+ Managed Control 1469 - Power Equipment And Cabling","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd","type":"Microsoft.Authorization/policyDefinitions","name":"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd"},{"properties":{"displayName":"Microsoft
+ Managed Control 1618 - Security Function Isolation","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9","type":"Microsoft.Authorization/policyDefinitions","name":"f52f89aa-4489-4ec4-950e-8c96a036baa9"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''Security Options
- Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3037,13 +5973,42 @@ interactions:
access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Virtual
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"},{"properties":{"displayName":"Microsoft
+ Managed Control 1198 - Configuration Change Control | Security Representative","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356","type":"Microsoft.Authorization/policyDefinitions","name":"f56be5c3-660b-4c61-9078-f67cf072c356"},{"properties":{"displayName":"Microsoft
+ Managed Control 1328 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de","type":"Microsoft.Authorization/policyDefinitions","name":"f5c66fdc-3d02-4034-9db5-ba57802609de"},{"properties":{"displayName":"Microsoft
+ Managed Control 1193 - Configuration Change Control | Automated Document /
+ Notification / Prohibition Of Changes","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac","type":"Microsoft.Authorization/policyDefinitions","name":"f5fd629f-3075-4cae-ab53-bad65495a4ac"},{"properties":{"displayName":"Virtual
machines should be associated with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
your VM from potential threats by restricting access to it with a Network
Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM from other instances, in or
outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Show
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1214 - Least Functionality","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3","type":"Microsoft.Authorization/policyDefinitions","name":"f714a4e2-b580-47b6-ae8c-f2812d3750f3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1591 - External Information System Services | Ident. Of Functions
+ / Ports / Protocols / Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3","type":"Microsoft.Authorization/policyDefinitions","name":"f751cdb7-fbee-406b-969b-815d367cb9b3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1330 - Authenticator Management | Password-Based Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031","type":"Microsoft.Authorization/policyDefinitions","name":"f75cedb2-5def-4b31-973e-b69e8c7bd031"},{"properties":{"displayName":"Microsoft
+ Managed Control 1540 - Security Categorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977","type":"Microsoft.Authorization/policyDefinitions","name":"f771f8cb-6642-45cc-9a15-8a41cd5c6977"},{"properties":{"displayName":"Microsoft
+ Managed Control 1449 - Physical Access Authorizations","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5","type":"Microsoft.Authorization/policyDefinitions","name":"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1506 - Personnel Security Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2","type":"Microsoft.Authorization/policyDefinitions","name":"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2"},{"properties":{"displayName":"Show
audit results from Windows VMs that do not have the specified Windows PowerShell
execution policy","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3051,11 +6016,20 @@ interactions:
auditing Windows virtual machines where Windows PowerShell is not configured
to use the specified PowerShell execution policy. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"External
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"},{"properties":{"displayName":"Microsoft
+ Managed Control 1705 - Security Alerts, Advisories, And Directives","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972","type":"Microsoft.Authorization/policyDefinitions","name":"f82e3639-fa2b-4e06-a786-932d8379b972"},{"properties":{"displayName":"External
accounts with owner permissions should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
accounts with owner permissions should be removed from your subscription in
order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Microsoft
+ Managed Control 1345 - Cryptographic Module Authentication","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea","type":"Microsoft.Authorization/policyDefinitions","name":"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea"},{"properties":{"displayName":"Microsoft
+ Managed Control 1065 - Remote Access | Privileged Commands / Access","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c","type":"Microsoft.Authorization/policyDefinitions","name":"f87b8085-dca9-4cf1-8f7b-9822b997797c"},{"properties":{"displayName":"[Preview]:
Deploy requirements to audit Windows VMs configurations in ''System Audit
Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
@@ -3080,20 +6054,69 @@ interactions:
your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Diagnostic
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Microsoft
+ Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement
+ / Auditing","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066","type":"Microsoft.Authorization/policyDefinitions","name":"f9012d14-e3e6-4d7b-b926-9f37b5537066"},{"properties":{"displayName":"Microsoft
+ Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert
+ Exfiltration","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335","type":"Microsoft.Authorization/policyDefinitions","name":"f9873db2-18ad-46b3-a11a-1a1f8cbf0335"},{"properties":{"displayName":"Microsoft
+ Managed Control 1478 - Fire Protection | Suppression Devices / Systems","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Physical and Environmental Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183","type":"Microsoft.Authorization/policyDefinitions","name":"f997df46-cfbb-4cc8-aac8-3fecdaf6a183"},{"properties":{"displayName":"Microsoft
+ Managed Control 1535 - Personnel Sanctions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Personnel Security control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e","type":"Microsoft.Authorization/policyDefinitions","name":"f9a165d2-967d-4733-8399-1074270dae2e"},{"properties":{"displayName":"Microsoft
+ Managed Control 1108 - Content Of Audit Records | Additional Audit Information","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba","type":"Microsoft.Authorization/policyDefinitions","name":"f9ad559e-c12d-415e-9a78-e50fdd7da7ba"},{"properties":{"displayName":"Diagnostic
logs in Azure Stream Analytics should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
enabling of diagnostic logs. This enables you to recreate activity trails
to use for investigation purposes; when a security incident occurs or when
your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]:
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"Latest
+ TLS version should be used in your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"},{"properties":{"displayName":"Microsoft
+ Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Contingency Planning control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3","type":"Microsoft.Authorization/policyDefinitions","name":"fa108498-b3a8-4ffb-9e79-1107e76afad3"},{"properties":{"displayName":"Microsoft
+ Managed Control 1037 - Least Privilege | Network Access To Privileged Commands","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb","type":"Microsoft.Authorization/policyDefinitions","name":"fa4c2a3d-1294-41a3-9ada-0e540471e9fb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1435 - Media Transport","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Media Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb","type":"Microsoft.Authorization/policyDefinitions","name":"fa8d221b-d130-4637-ba16-501e666628bb"},{"properties":{"displayName":"Microsoft
+ Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks
+ For Corrective Actions","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1","type":"Microsoft.Authorization/policyDefinitions","name":"facb66e0-1c48-478a-bed5-747a312323e1"},{"properties":{"displayName":"Deploy
+ prerequisites to enable Guest Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"},{"properties":{"displayName":"Microsoft
+ Managed Control 1086 - Publicly Accessible Content","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5","type":"Microsoft.Authorization/policyDefinitions","name":"fb321e6f-16a0-4be3-878f-500956e309c5"},{"properties":{"displayName":"Microsoft
+ Managed Control 1222 - Information System Component Inventory","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Configuration Management control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914","type":"Microsoft.Authorization/policyDefinitions","name":"fb39e62f-6bda-4558-8088-ec03d5670914"},{"properties":{"displayName":"[Preview]:
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
your Kubernetes service cluster to a later Kubernetes version to protect against
known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"[Preview]:
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"},{"properties":{"displayName":"Microsoft
+ Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Access Control control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309","type":"Microsoft.Authorization/policyDefinitions","name":"fc933d22-04df-48ed-8f87-22a3773d4309"},{"properties":{"displayName":"[Preview]:
Show audit results from Windows VMs configurations in ''Security Options -
Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
@@ -3101,7 +6124,35 @@ interactions:
auditing Windows virtual machines with non-compliant settings in Group Policy
category: ''Security Options - Microsoft Network Client''. For more information
on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Show
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1318 - Authenticator Management","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66","type":"Microsoft.Authorization/policyDefinitions","name":"fced5fda-3bdb-4d73-bfea-0e2c80428b66"},{"properties":{"displayName":"Microsoft
+ Managed Control 1543 - Risk Assessment","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Risk Assessment control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624","type":"Microsoft.Authorization/policyDefinitions","name":"fd00b778-b5b5-49c0-a994-734ea7bd3624"},{"properties":{"displayName":"Microsoft
+ Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated
+ Alerts And Advisories","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Information Integrity control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce","type":"Microsoft.Authorization/policyDefinitions","name":"fd4a2ac8-868a-4702-a345-6c896c3361ce"},{"properties":{"displayName":"Microsoft
+ Managed Control 1299 - Identification And Authentication Policy And Procedures","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Identification and Authentication control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89","type":"Microsoft.Authorization/policyDefinitions","name":"fd4e54f7-9ab0-4bae-b6cc-457809948a89"},{"properties":{"displayName":"Microsoft
+ Managed Control 1627 - Boundary Protection | External Telecommunications Services","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Communications Protection control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179","type":"Microsoft.Authorization/policyDefinitions","name":"fd73310d-76fc-422d-bda4-3a077149f179"},{"properties":{"displayName":"Microsoft
+ Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time
+ Source","policyType":"Static","mode":"Indexed","description":"Microsoft implements
+ this Audit and Accountability control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102","type":"Microsoft.Authorization/policyDefinitions","name":"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102"},{"properties":{"displayName":"Microsoft
+ Managed Control 1611 - Developer-Provided Training","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f","type":"Microsoft.Authorization/policyDefinitions","name":"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f"},{"properties":{"displayName":"Microsoft
+ Managed Control 1405 - Maintenance Tools | Inspect Tools","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b","type":"Microsoft.Authorization/policyDefinitions","name":"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b"},{"properties":{"displayName":"Microsoft
+ Managed Control 1613 - Developer Security Architecture And Design","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this System and Services Acquisition control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30","type":"Microsoft.Authorization/policyDefinitions","name":"fe2ad78b-8748-4bff-a924-f74dfca93f30"},{"properties":{"displayName":"Show
audit results from Linux VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
@@ -3111,8 +6162,20 @@ interactions:
on your SQL databases should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
Vulnerability Assessment scan results and recommendations for how to remediate
database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[Limited
- Preview]: Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"Microsoft
+ Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Maintenance control","metadata":{"category":"Regulatory Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976","type":"Microsoft.Authorization/policyDefinitions","name":"ff9fbd83-1d8d-4b41-aac2-94cb44b33976"},{"properties":{"displayName":"Microsoft
+ Managed Control 1158 - Security Authorization","policyType":"Static","mode":"Indexed","description":"Microsoft
+ implements this Security Assessment and Authorization control","metadata":{"category":"Regulatory
+ Compliance","additionalMetadataId":"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158"},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Resources/subscriptions","Microsoft.Resources/subscriptions/resourceGroups"]},{"value":"false","equals":"true"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907","type":"Microsoft.Authorization/policyDefinitions","name":"fff50cf2-28eb-45b4-b378-c99412688907"},{"properties":{"displayName":"[Preview]:
+ Manage certificate validity period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure containers listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces containers to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3120,8 +6183,25 @@ interactions:
service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
container ports regex","description":"Regex representing container ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Limited
- Preview]: Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"},{"properties":{"displayName":"[Preview]:
+ Manage allowed certificate key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"},{"properties":{"displayName":"[Preview]:
+ Manage certificate lifetime action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce labels on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces the specified labels are provided for pods in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3129,8 +6209,20 @@ interactions:
service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
list of labels","description":"A comma-separated list of labels to be specified
on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Limited
- Preview]: Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure services listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces services to listen only on allowed ports in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3139,14 +6231,34 @@ interactions:
service ports regex","description":"Regex representing service ports allowed
in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"},{"properties":{"displayName":"[Limited
- Preview]: Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce HTTPS ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
Preview policies only work for registered subscriptions. To register, please
go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Limited
- Preview]: Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce internal load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce labels on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure only allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures only allowed container images are running in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
@@ -3156,47 +6268,123 @@ interactions:
allowed in Kubernetes cluster. E.g. Regex of azure container registry images
is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"},{"properties":{"displayName":"[Limited
- Preview]: Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Do not allow privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy does not allow privileged containers creation in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Limited
- Preview]: Ensure CPU and memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Do not allow privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"},{"properties":{"displayName":"[Preview]:
+ Manage certificates issued by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Ensure CPU and memory resource limits defined on containers
+ in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy ensures CPU and memory resource limits are defined on containers in
an Azure Kubernetes Service cluster. Limited Preview policies only work for
registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"},{"properties":{"displayName":"[Limited
- Preview]: Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ Preview]: [AKS] Enforce internal load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Limited
- Preview]: Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"},{"properties":{"displayName":"[Preview]:
+ Manage allowed curve names for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"},{"properties":{"displayName":"[Preview]:
+ Manage minimum key size for RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"},{"properties":{"displayName":"[Limited
+ Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"audit
- tag perf test","policyType":"Custom","mode":"All","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"tagName","description":null}},"tagValue":{"type":"String","metadata":{"displayName":"tagValue","description":null}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b045b1b-f457-4358-aba2-cf8cff3c3136","type":"Microsoft.Authorization/policyDefinitions","name":"2b045b1b-f457-4358-aba2-cf8cff3c3136"},{"properties":{"displayName":"Audit
- if not perf test","policyType":"Custom","mode":"All","metadata":{"category":"PerfTest"},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"Perf"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest","type":"Microsoft.Authorization/policyDefinitions","name":"audit-tags.shouldBePerfTest"},{"properties":{"displayName":"Audit
- if not unit test","policyType":"Custom","mode":"All","metadata":{"category":"PerfTest"},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest","type":"Microsoft.Authorization/policyDefinitions","name":"audit-tags.shouldBeUnitTest"},{"properties":{"displayName":"Audit
- tag","policyType":"Custom","mode":"Indexed","description":"Audit a specified
- Tag key to be present without requiring a value or applying a default value.","metadata":{"createdBy":"611684ad-7140-4124-b482-8d031bdc553e","createdOn":"2019-06-13T15:55:32.9932893Z","updatedBy":"611684ad-7140-4124-b482-8d031bdc553e","updatedOn":"2019-06-13T17:54:27.1111611Z"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as environment"}}},"policyRule":{"if":{"field":"[concat(''tags.'',parameters(''tagName''))]","exists":false},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/gokmenhTestDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"gokmenhTestDefinition"},{"properties":{"displayName":"Deny
- tag","policyType":"Custom","mode":"Indexed","description":"Deny a specified
- Tag key to be present without requiring a value or applying a default value.","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-08-05T22:32:52.3646544Z","updatedBy":null,"updatedOn":null},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as environment"}}},"policyRule":{"if":{"field":"[concat(''tags.'',parameters(''tagName''))]","exists":false},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/sandipTestDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"sandipTestDefinition"},{"properties":{"displayName":"rohitbh
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure container CPU and memory resource limits do not exceed
+ the specified limits in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"},{"properties":{"displayName":"[Preview]:
+ Manage certificates that are within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"},{"properties":{"displayName":"[Preview]:
+ [AKS Engine] Ensure only allowed container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"},{"properties":{"displayName":"Replace
+ tag without becoming compliant","policyType":"Custom","mode":"Indexed","description":"","metadata":{"category":"Tags","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T00:28:28.0537053Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"value":"true","equals":"true"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"tags.mockTag","value":"mockValue"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0","type":"Microsoft.Authorization/policyDefinitions","name":"270f0d11-af30-4c15-95f7-28ba884518f0"},{"properties":{"displayName":"rohitbh:
+ Key vault access policy","policyType":"Custom","mode":"All","description":"definition
+ description","metadata":{"createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-26T00:11:44.907552Z","updatedBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","updatedOn":"2019-11-12T22:08:39.7776262Z"},"parameters":{"userObjectId":{"type":"String","metadata":{"displayName":"User
+ Object ID","description":"The GUID for the user which should have access"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"field":"Microsoft.Keyvault/vaults/accessPolicies[*].objectId","notEquals":"[parameters(''userObjectId'')]"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","name":"current","deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"objectId":{"type":"string"},"keyVaultName":{"type":"string"},"secretsPermissions":{"type":"array","defaultValue":["list"]},"tenantId":{"type":"string"},"location":{"type":"string"},"sku":{"type":"object"},"existingAccessPolicies":{"type":"array","defaultValue":[]}},"variables":{"accessPolicies":[{"tenantId":"[parameters(''tenantId'')]","objectId":"[parameters(''objectId'')]","permissions":{"secrets":"[parameters(''secretsPermissions'')]"}}]},"resources":[{"type":"Microsoft.KeyVault/vaults","name":"[parameters(''keyVaultName'')]","location":"[parameters(''location'')]","apiVersion":"2018-02-14","properties":{"sku":"[parameters(''sku'')]","tenantId":"[parameters(''tenantId'')]","accessPolicies":"[concat(parameters(''existingAccessPolicies''),
+ variables(''accessPolicies''))]"}}]},"parameters":{"objectId":{"value":"[parameters(''userObjectId'')]"},"tenantId":{"value":"[field(''Microsoft.Keyvault/vaults/tenantId'')]"},"keyVaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"sku":{"value":"[field(''Microsoft.Keyvault/vaults/sku'')]"},"existingAccessPolicies":{"value":"[field(''Microsoft.Keyvault/vaults/accessPolicies'')]"}}}},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1","type":"Microsoft.Authorization/policyDefinitions","name":"3863c624-094c-480d-bc42-74970b55e5e1"},{"properties":{"displayName":"test_policyem3nif7gi","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-06T21:51:40.6097535Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
+ locations","description":"The list of locations that can be specified when
+ deploying resources"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policykavffx3v6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policykavffx3v6"},{"properties":{"displayName":"testDisplay","policyType":"Custom","mode":"Indexed","description":"Updated
+ Unit test junk: sorry for littering. Please delete me!","metadata":{"testName":"testValue","createdBy":"7140c269-e408-47a5-a626-a1d836b96883","createdOn":"2019-12-02T22:35:27.2634648Z","updatedBy":"7140c269-e408-47a5-a626-a1d836b96883","updatedOn":"2019-12-02T22:35:29.2696603Z"},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/Subscriptions/ResourceGroups/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ps7866","type":"Microsoft.Authorization/policyDefinitions","name":"ps7866"},{"properties":{"displayName":"robga
+ test modify","policyType":"Custom","mode":"Indexed","metadata":{"createdBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","createdOn":"2019-08-06T13:52:23.9266854Z","updatedBy":"0dc80135-ae53-4da3-8695-220a2d93aad8","updatedOn":"2019-08-28T17:18:53.3118044Z"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"tags.testModify","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"tags.testModify","value":"addModifyOperation"}]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify","type":"Microsoft.Authorization/policyDefinitions","name":"robgaTestModify"},{"properties":{"displayName":"Audit
+ tag at MG","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T21:02:29.3038974Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.Test","equals":"UnitTest"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106","type":"Microsoft.Authorization/policyDefinitions","name":"03ae6c12-b46a-43f1-9f3d-c20620473106"},{"properties":{"displayName":"\"metadata\":
+ { \"category\": \"testResourcesGrid\" },","policyType":"Custom","mode":"All","metadata":{"createdBy":"327c26bf-bf3e-4128-9b75-fbbd99e98739","createdOn":"2019-09-19T20:48:36.8149755Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.testResourcesGrid","equals":"testResourcesGrid"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6","type":"Microsoft.Authorization/policyDefinitions","name":"4bba2e95-2749-431f-95ff-d032a3ae57f6"},{"properties":{"displayName":"CaleC
+ - Technical Owner Email Tag on RG","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-13T21:16:37.0623117Z","updatedBy":null,"updatedOn":null},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"Pattern
+ matching","description":"Pattern to use for names. Can include wildcard (*)."}},"tagName":{"type":"String","metadata":{"displayName":"tagName","description":"Technical
+ Owner Email Address"},"defaultValue":"TechnicalOwnerEmail"}},"policyRule":{"if":{"allOf":[{"not":{"field":"[concat(''tags['',parameters(''tagName''),
+ '']'')]","like":"[parameters(''namePattern'')]"}},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44","type":"Microsoft.Authorization/policyDefinitions","name":"54d50b8c-c4c6-4552-9e50-19925aedcf44"},{"properties":{"displayName":"rohitbh
def","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e","createdOn":"2019-03-28T00:13:27.0393653Z","updatedBy":null,"updatedOn":null},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed
locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9","type":"Microsoft.Authorization/policyDefinitions","name":"5b51a7de-acd9-42cd-81bd-32d9c01968e9"},{"properties":{"displayName":"jilim
- audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"jilim
+ audit subscriptions without security contacts","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-06-07T20:59:59.7600143Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/Subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Security/securityContacts"}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0","type":"Microsoft.Authorization/policyDefinitions","name":"67d90168-f067-43df-bd57-bca4b46df3a0"},{"properties":{"displayName":"Empty
+ deployment on each KeyVault resource","policyType":"Custom","mode":"Indexed","description":"Deploys
+ an empty deployment (with one output) on each KeyVault vault. Used for some
+ PolicyInsights SDK tests.","metadata":{"category":"SDK Tests","createdBy":"36e2f355-d2e2-4fbc-88ab-4281639dff94","createdOn":"2019-11-21T17:43:12.9974078Z","updatedBy":null,"updatedOn":null},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"notExists","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"constantOutput":{"type":"string","value":"someConstantValue"}}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf","type":"Microsoft.Authorization/policyDefinitions","name":"78a38c70-5549-49bd-8a16-fe3619e5d2cf"},{"properties":{"displayName":"CaleC
+ - Ensure principal is member of role","policyType":"Custom","mode":"All","metadata":{"category":"Test","createdBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","createdOn":"2019-11-08T01:55:56.4678953Z","updatedBy":"b8890a11-51b6-457d-99f0-b36fde28fa4f","updatedOn":"2019-11-13T21:19:54.5769298Z"},"parameters":{"roleDefinitionId":{"type":"String","metadata":{"displayName":"Approved
+ Role Definition","description":"The role definition id to add the principal
+ to."}},"principalId":{"type":"String","metadata":{"displayName":"Principal
+ Id","description":"Principal Id to add to roles"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"name","equals":"[parameters(''roleDefinitionId'')]"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/roleAssignments","deploymentScope":"subscription","existenceScope":"subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Authorization/roleAssignments/principalId","equals":"[parameters(''principalId'')]"},{"field":"Microsoft.Authorization/roleAssignments/roleDefinitionId","equals":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleDefinitionId''))]"}]},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"deployment":{"location":"eastus","properties":{"mode":"incremental","parameters":{"roleId":{"value":"[parameters(''roleDefinitionId'')]"},"principalId":{"value":"[parameters(''principalId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"principalId":{"type":"string"},"roleId":{"type":"string"}},"resources":[{"name":"[guid(subscription().id,
+ parameters(''roleId''), parameters(''principalId''))]","type":"Microsoft.Authorization/roleAssignments","apiVersion":"2019-04-01-preview","properties":{"principalId":"[parameters(''principalId'')]","roleDefinitionId":"[concat(subscription().id,
+ ''/providers/Microsoft.Authorization/roleDefinitions/'', parameters(''roleId''))]"}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd","type":"Microsoft.Authorization/policyDefinitions","name":"906ef7c2-27f9-48f4-b111-1f0aca8697cd"},{"properties":{"displayName":"jilim
mg test 2","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:34:15.5651057Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim
mg test 2","type":"Microsoft.Authorization/policyDefinitions","name":"jilim
mg test 2"},{"properties":{"displayName":"jilim mg test","policyType":"Custom","mode":"All","metadata":{"createdBy":"69108416-6ac7-4a4f-ac13-fee20ff1ee02","createdOn":"2019-04-01T18:00:41.0087033Z","updatedBy":null,"updatedOn":null},"policyRule":{"if":{"source":"action","equals":"Microsoft.Compute/virtualMachines/write"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest","type":"Microsoft.Authorization/policyDefinitions","name":"jilimmgtest"}]}'
@@ -3204,11 +6392,11 @@ interactions:
cache-control:
- no-cache
content-length:
- - '880881'
+ - '1645036'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:50 GMT
+ - Fri, 06 Dec 2019 22:02:38 GMT
expires:
- '-1'
pragma:
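Review bot: The recorded body that ends just above this hunk still carries live tenant identifiers, even though the subscription id is masked as `00000000-0000-0000-0000-000000000000`. Custom policy definitions keep their `createdBy`/`updatedBy` principal object ids, the management group name `AzGovPerfTest`, and display names prefixed with what look like user aliases. The `content-length` bumped here to `'1645036'` presumably belongs to that same list response, so the amount of unscrubbed data grew with this re-recording. I would mask these fields before committing, the same way the subscription id is masked, e.g. `"createdBy":"00000000-0000-0000-0000-000000000000"`, ideally through a recording processor so the next re-record does not bring them back. The hunk holding that body starts outside the part of the diff shown here, so other fields in it may need the same treatment.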
@@ -3238,12 +6426,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -3256,7 +6444,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:50 GMT
+ - Fri, 06 Dec 2019 22:02:40 GMT
expires:
- '-1'
pragma:
@@ -3282,12 +6470,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Audit virtual machines without disaster
@@ -3302,7 +6490,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:50 GMT
+ - Fri, 06 Dec 2019 22:02:41 GMT
expires:
- '-1'
pragma:
@@ -3332,12 +6520,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -3350,7 +6538,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:51 GMT
+ - Fri, 06 Dec 2019 22:02:42 GMT
expires:
- '-1'
pragma:
@@ -3376,12 +6564,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Deprecated]: Audit Web Sockets state
@@ -3398,7 +6586,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:51 GMT
+ - Fri, 06 Dec 2019 22:02:43 GMT
expires:
- '-1'
pragma:
@@ -3428,12 +6616,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -3446,7 +6634,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:52 GMT
+ - Fri, 06 Dec 2019 22:02:44 GMT
expires:
- '-1'
pragma:
@@ -3472,12 +6660,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
@@ -3496,7 +6684,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:52 GMT
+ - Fri, 06 Dec 2019 22:02:44 GMT
expires:
- '-1'
pragma:
@@ -3526,12 +6714,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
@@ -3544,7 +6732,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:53 GMT
+ - Fri, 06 Dec 2019 22:02:45 GMT
expires:
- '-1'
pragma:
@@ -3570,12 +6758,12 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"SQL managed instance TDE protector should
@@ -3592,7 +6780,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:53 GMT
+ - Fri, 06 Dec 2019 22:02:45 GMT
expires:
- '-1'
pragma:
@@ -3622,16 +6810,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''053d3325-282c-4e5c-b944-24faffd30d77'' could not be found."}}'
+ ''04c4380f-3fae-46e8-96c9-30193528f602'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -3640,7 +6828,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:53 GMT
+ - Fri, 06 Dec 2019 22:02:46 GMT
expires:
- '-1'
pragma:
@@ -3666,37 +6854,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
- for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
- and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
- Analytics workspace","description":"Select Log Analytics workspace from dropdown
- list. If this workspace is outside of the scope of the assignment you must
- manually grant ''Log Analytics Contributor'' permissions (or similar) to the
- policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","detai
ls":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
- ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
- ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"}'
+ string: '{"properties":{"displayName":"[Preview]: Network traffic data collection
+ agent should be installed on Linux virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Linux VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Micr
osoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602","type":"Microsoft.Authorization/policyDefinitions","name":"04c4380f-3fae-46e8-96c9-30193528f602"}'
headers:
cache-control:
- no-cache
content-length:
- - '4955'
+ - '2955'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:53 GMT
+ - Fri, 06 Dec 2019 22:02:47 GMT
expires:
- '-1'
pragma:
@@ -3726,16 +6907,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''057ef27e-665e-4328-8ea3-04b3122bd9fb'' could not be found."}}'
+ ''04d53d87-841c-4f23-8a5b-21564380b55e'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -3744,7 +6925,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:54 GMT
+ - Fri, 06 Dec 2019 22:02:48 GMT
expires:
- '-1'
pragma:
@@ -3770,31 +6951,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Azure Data Lake Store
- should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- enabling of diagnostic logs. This enables you to recreate activity trails
- to use for investigation purposes; when a security incident occurs or when
- your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Service
+ Bus to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Log Analytics
+ workspace when any Service Bus which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e","type":"Microsoft.Authorization/policyDefinitions","name":"04d53d87-841c-4f23-8a5b-21564380b55e"}'
headers:
cache-control:
- no-cache
content-length:
- - '1797'
+ - '3721'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:54 GMT
+ - Fri, 06 Dec 2019 22:02:48 GMT
expires:
- '-1'
pragma:
@@ -3824,16 +7013,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''06a78e20-9358-41c9-923c-fb736d382a12'' could not be found."}}'
+ ''053d3325-282c-4e5c-b944-24faffd30d77'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -3842,7 +7031,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:54 GMT
+ - Fri, 06 Dec 2019 22:02:49 GMT
expires:
- '-1'
pragma:
@@ -3868,26 +7057,37 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit
- DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
- Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
+ for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined
+ and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","detai
ls":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
+ ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
+ ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"}'
headers:
cache-control:
- no-cache
content-length:
- - '902'
+ - '4955'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:54 GMT
+ - Fri, 06 Dec 2019 22:02:50 GMT
expires:
- '-1'
pragma:
@@ -3917,16 +7117,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''06a78e20-9358-41c9-923c-fb736d382a4d'' could not be found."}}'
+ ''057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -3935,7 +7135,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:54 GMT
+ - Fri, 06 Dec 2019 22:02:50 GMT
expires:
- '-1'
pragma:
@@ -3961,25 +7161,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
- policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"}'
+ string: '{"properties":{"displayName":"Vulnerability Assessment settings for
+ SQL server should contain an email address to receive scan reports","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send scan reports to'' field in
+ the Vulnerability Assessment settings. This email address receives scan result
+ summary after a periodic scan runs on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9","type":"Microsoft.Authorization/policyDefinitions","name":"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9"}'
headers:
cache-control:
- no-cache
content-length:
- - '897'
+ - '1176'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:54 GMT
+ - Fri, 06 Dec 2019 22:02:51 GMT
expires:
- '-1'
pragma:
@@ -4009,16 +7213,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0820b7b9-23aa-4725-a1ce-ae4558f718e5'' could not be found."}}'
+ ''057ef27e-665e-4328-8ea3-04b3122bd9fb'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4027,7 +7231,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:55 GMT
+ - Fri, 06 Dec 2019 22:02:52 GMT
expires:
- '-1'
pragma:
@@ -4053,29 +7257,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"CORS should not allow every resource
- to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
- Resource Sharing (CORS) should not allow all domains to access your Function
- app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
- Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","type":"Microsoft.Authorization/policyDefinitions","name":"0820b7b9-23aa-4725-a1ce-ae4558f718e5"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in Azure Data Lake Store
+ should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ enabling of diagnostic logs. This enables you to recreate activity trails
+ to use for investigation purposes; when a security incident occurs or when
+ your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"}'
headers:
cache-control:
- no-cache
content-length:
- - '1080'
+ - '1797'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:55 GMT
+ - Fri, 06 Dec 2019 22:02:53 GMT
expires:
- '-1'
pragma:
@@ -4105,16 +7311,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0868462e-646c-4fe3-9ced-a733534b6a2c'' could not be found."}}'
+ ''06a78e20-9358-41c9-923c-fb736d382a12'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4123,7 +7329,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:55 GMT
+ - Fri, 06 Dec 2019 22:02:54 GMT
expires:
- '-1'
pragma:
@@ -4149,38 +7355,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
- for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined
- and the agent is not installed. The list of OS images will be updated over
- time as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
- Analytics workspace","description":"Select Log Analytics workspace from dropdown
- list. If this workspace is outside of the scope of the assignment you must
- manually grant ''Log Analytics Contributor'' permissions (or similar) to the
- policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"all
Of":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
- ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
- ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit SQL DB Level Audit
+ Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level
+ audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit
+ Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"}'
headers:
cache-control:
- no-cache
content-length:
- - '5940'
+ - '916'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:56 GMT
+ - Fri, 06 Dec 2019 22:02:54 GMT
expires:
- '-1'
pragma:
@@ -4210,16 +7405,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''08b17839-76c6-4015-90e0-33d9d54d219c'' could not be found."}}'
+ ''06a78e20-9358-41c9-923c-fb736d382a4d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4228,7 +7423,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:57 GMT
+ - Fri, 06 Dec 2019 22:02:55 GMT
expires:
- '-1'
pragma:
@@ -4254,29 +7449,25 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
- that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported PHP version for the latest security classes. Using older
- classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"}'
+ string: '{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This
+ policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1284'
+ - '897'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:57 GMT
+ - Fri, 06 Dec 2019 22:02:55 GMT
expires:
- '-1'
pragma:
@@ -4306,16 +7497,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''08e6af2d-db70-460a-bfe9-d5bd474ba9d6'' could not be found."}}'
+ ''0820b7b9-23aa-4725-a1ce-ae4558f718e5'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4324,7 +7515,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:56 GMT
+ - Fri, 06 Dec 2019 22:02:56 GMT
expires:
- '-1'
pragma:
@@ -4350,29 +7541,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Network Security Group Rules for Internet
- facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
- Security Center analyzes the traffic patterns of Internet facing virtual machines
- and provides Network Security Group rule recommendations that reduce the potential
- attack surface","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"adaptiveNetworkHardenings","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","type":"Microsoft.Authorization/policyDefinitions","name":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6"}'
+ string: '{"properties":{"displayName":"CORS should not allow every resource
+ to access your Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
+ Resource Sharing (CORS) should not allow all domains to access your Function
+ app. Allow only required domains to interact with your Function app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5","type":"Microsoft.Authorization/policyDefinitions","name":"0820b7b9-23aa-4725-a1ce-ae4558f718e5"}'
headers:
cache-control:
- no-cache
content-length:
- - '1151'
+ - '1080'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:56 GMT
+ - Fri, 06 Dec 2019 22:02:57 GMT
expires:
- '-1'
pragma:
@@ -4402,16 +7593,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''09024ccc-0c5f-475e-9457-b7c0d9ed487b'' could not be found."}}'
+ ''0868462e-646c-4fe3-9ced-a733534b6a2c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4420,7 +7611,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:57 GMT
+ - Fri, 06 Dec 2019 22:02:58 GMT
expires:
- '-1'
pragma:
@@ -4446,28 +7637,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"There should be more than one owner assigned
- to your subscription","policyType":"BuiltIn","mode":"All","description":"It
- is recommended to designate more than one subscription owner in order to have
- administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
+ for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined
+ and the agent is not installed. The list of OS images will be updated over
+ time as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"all
Of":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
+ ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
+ ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1056'
+ - '5940'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:57 GMT
+ - Fri, 06 Dec 2019 22:02:58 GMT
expires:
- '-1'
pragma:
@@ -4497,16 +7698,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0961003e-5a0a-4549-abde-af6a37f2724d'' could not be found."}}'
+ ''08b17839-76c6-4015-90e0-33d9d54d219c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4515,7 +7716,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:57 GMT
+ - Fri, 06 Dec 2019 22:02:59 GMT
expires:
- '-1'
pragma:
@@ -4541,28 +7742,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Disk encryption should be applied on
- virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs without
- an enabled disk encryption will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
+ that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported PHP version for the latest security classes. Using older
+ classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c","type":"Microsoft.Authorization/policyDefinitions","name":"08b17839-76c6-4015-90e0-33d9d54d219c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1016'
+ - '1284'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:57 GMT
+ - Fri, 06 Dec 2019 22:02:59 GMT
expires:
- '-1'
pragma:
@@ -4592,16 +7794,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0a914e76-4921-4c19-b460-a2d36003525a'' could not be found."}}'
+ ''08ba64b8-738f-4918-9686-730d2ed79c7d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4610,7 +7812,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:58 GMT
+ - Fri, 06 Dec 2019 22:03:01 GMT
expires:
- '-1'
pragma:
@@ -4636,26 +7838,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Audit resource location matches resource
- group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Search
+ Services to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Log Analytics
+ workspace when any Search Services which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d","type":"Microsoft.Authorization/policyDefinitions","name":"08ba64b8-738f-4918-9686-730d2ed79c7d"}'
headers:
cache-control:
- no-cache
content-length:
- - '556'
+ - '3731'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:58 GMT
+ - Fri, 06 Dec 2019 22:03:01 GMT
expires:
- '-1'
pragma:
@@ -4685,16 +7900,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0a9991e6-21be-49f9-8916-a06d934bcf29'' could not be found."}}'
+ ''08e6af2d-db70-460a-bfe9-d5bd474ba9d6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4703,7 +7918,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:58 GMT
+ - Fri, 06 Dec 2019 22:03:02 GMT
expires:
- '-1'
pragma:
@@ -4729,34 +7944,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Account Management''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Account Management''. It also creates a system-assigned managed identity
- and deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName
":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"}'
+ string: '{"properties":{"displayName":"Network Security Group Rules for Internet
+ facing virtual machines should be hardened","policyType":"BuiltIn","mode":"Indexed","description":"Azure
+ Security Center analyzes the traffic patterns of Internet facing virtual machines
+ and provides Network Security Group rule recommendations that reduce the potential
+ attack surface","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"adaptiveNetworkHardenings","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6","type":"Microsoft.Authorization/policyDefinitions","name":"08e6af2d-db70-460a-bfe9-d5bd474ba9d6"}'
headers:
cache-control:
- no-cache
content-length:
- - '4414'
+ - '1151'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:58 GMT
+ - Fri, 06 Dec 2019 22:03:03 GMT
expires:
- '-1'
pragma:
@@ -4786,16 +7996,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0b15565f-aa9e-48ba-8619-45960f2c314d'' could not be found."}}'
+ ''09024ccc-0c5f-475e-9457-b7c0d9ed487b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4804,7 +8014,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:59 GMT
+ - Fri, 06 Dec 2019 22:03:04 GMT
expires:
- '-1'
pragma:
@@ -4830,30 +8040,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Email notification to subscription owner
- for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
- emailing security alerts to the subscription owner, in order to have them
- receive security alert emails from Microsoft. This ensures that they are aware
- of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"}'
+ string: '{"properties":{"displayName":"There should be more than one owner assigned
+ to your subscription","policyType":"BuiltIn","mode":"All","description":"It
+ is recommended to designate more than one subscription owner in order to have
+ administrator access redundancy.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"}'
headers:
cache-control:
- no-cache
content-length:
- - '1149'
+ - '1056'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:00 GMT
+ - Fri, 06 Dec 2019 22:03:05 GMT
expires:
- '-1'
pragma:
@@ -4883,16 +8091,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'' could not be found."}}'
+ ''0961003e-5a0a-4549-abde-af6a37f2724d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -4901,7 +8109,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:59 GMT
+ - Fri, 06 Dec 2019 22:03:05 GMT
expires:
- '-1'
pragma:
@@ -4927,32 +8135,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Key Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy audits if key vault objects are not recoverable. Soft Delete feature
- helps to effectively hold the resources for a given retention period (90 days)
- even after a DELETE operation, while giving the appearance that the object
- is deleted. When ''Purge protection'' is on, a vault or an object in deleted
- state cannot be purged until the retention period of 90 days has passed. These
- vaults and objects can still be recovered, assuring customers that the retention
- policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"}'
+ string: '{"properties":{"displayName":"Disk encryption should be applied on
+ virtual machines","policyType":"BuiltIn","mode":"All","description":"VMs without
+ an enabled disk encryption will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1492'
+ - '1016'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:46:59 GMT
+ - Fri, 06 Dec 2019 22:03:06 GMT
expires:
- '-1'
pragma:
@@ -4982,16 +8186,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0d134df8-db83-46fb-ad72-fe0c9428c8dd'' could not be found."}}'
+ ''09ce66bc-1220-4153-8104-e3f51c936913'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5000,7 +8204,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:00 GMT
+ - Fri, 06 Dec 2019 22:03:07 GMT
expires:
- '-1'
pragma:
@@ -5026,29 +8230,48 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"SQL server TDE protector should be encrypted
- with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
- Data Encryption (TDE) with your own key support provides increased transparency
- and control over the TDE Protector, increased security with an HSM-backed
- external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"}'
+ string: '{"properties":{"displayName":"Configure backup on VMs of a location
+ to an existing central Vault in the same location","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy configures Azure Backup protection on VMs in a given location to an
+ existing central vault in the same location. It applies to only those VMs
+ that are not already configured for backup. It is recommended that this policy
+ is assigned to not more than 200 VMs. If the policy is assigned for more than
+ 200 VMs, it can result in the backup getting triggered a few hours beyond
+ the defined schedule. This policy will be enhanced to support more VM images.","metadata":{"category":"Backup"},"parameters":{"vaultLocation":{"type":"String","metadata":{"displayName":"Location
+ (Specify the location of the VMs that you want to protect)","description":"Specify
+ the location of the VMs that you want to protect. VMs should be backed up
+ to a vault in the same location.\nFor example - southeastasia","strongType":"location"}},"backupPolicyId":{"type":"String","metadata":{"displayName":"Backup
+ Policy (of type Azure VM from a vault in the location chosen above)","description":"Specify
+ the id of the Azure backup policy to configure backup of the virtual machines.
+ The selected Azure backup policy should be of type Azure virtual machine.
+ This policy needs to be in a vault that is present in the location chosen
+ above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["deployIfNotExists","auditIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"location","equals":"[parameters(''vaultLocation'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"fie
ld":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{
"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c","/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"],"type":"Microsoft.RecoveryServices/backupprotecteditems","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"apiVersion":"2017-05-10","name":"[concat(''DeployProtection-'',uniqueString(parameters(''protectedItems'')))]","type":"Microsoft.Resources/deployments","resourceGroup":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 4))]","subscriptionId":"[first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 2))]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"backupPolicyId":{"type":"String"},"fabricName":{"type":"String"},"protectionContainers":{"type":"String"},"protectedItems":{"type":"String"},"sourceResourceId":{"type":"String"}},"resources":[{"type":"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems","name":"[concat(first(skip(split(parameters(''backupPolicyId''),
+ ''/''), 8)), ''/'', parameters(''fabricName''), ''/'',parameters(''protectionContainers''),
+ ''/'', parameters(''protectedItems''))]","apiVersion":"2016-06-01","properties":{"protectedItemType":"Microsoft.Compute/virtualMachines","policyId":"[parameters(''backupPolicyId'')]","sourceResourceId":"[parameters(''sourceResourceId'')]"}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"[parameters(''fabricName'')]"},"protectionContainers":{"value":"[parameters(''protectionContainers'')]"},"protectedItems":{"value":"[parameters(''protectedItems'')]"},"sourceResourceId":{"value":"[parameters(''sourceResourceId'')]"}}}}]},"parameters":{"backupPolicyId":{"value":"[parameters(''backupPolicyId'')]"},"fabricName":{"value":"Azure"},"protectionContainers":{"value":"[concat(''iaasvmcontainer;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"protectedItems":{"value":"[concat(''vm;iaasvmcontainerv2;'',
+ resourceGroup().name, '';'' ,field(''name''))]"},"sourceResourceId":{"value":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourceGroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Compute/virtualMachines/'',field(''name''))]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913","type":"Microsoft.Authorization/policyDefinitions","name":"09ce66bc-1220-4153-8104-e3f51c936913"}'
headers:
cache-control:
- no-cache
content-length:
- - '1286'
+ - '9089'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:00 GMT
+ - Fri, 06 Dec 2019 22:03:07 GMT
expires:
- '-1'
pragma:
@@ -5078,16 +8301,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0d9b45ff-9ddd-43fc-bf59-fbd1c8423053'' could not be found."}}'
+ ''0a914e76-4921-4c19-b460-a2d36003525a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5096,7 +8319,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:01 GMT
+ - Fri, 06 Dec 2019 22:03:08 GMT
expires:
- '-1'
pragma:
@@ -5122,30 +8345,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs on which Windows Defender Exploit Guard is not enabled","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines on which Windows Defender Exploit Guard
- is not enabled. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfi
guration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}'
+ string: '{"properties":{"displayName":"Audit resource location matches resource
+ group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"}'
headers:
cache-control:
- no-cache
content-length:
- - '2765'
+ - '556'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:01 GMT
+ - Fri, 06 Dec 2019 22:03:09 GMT
expires:
- '-1'
pragma:
@@ -5175,16 +8394,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0e246bcf-5f6f-4f87-bc6f-775d4712c7ea'' could not be found."}}'
+ ''0a9991e6-21be-49f9-8916-a06d934bcf29'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5193,7 +8412,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:01 GMT
+ - Fri, 06 Dec 2019 22:03:10 GMT
expires:
- '-1'
pragma:
@@ -5219,30 +8438,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Authorized IP ranges should
- be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
- access to the Kubernetes Service Management API by granting API access only
- to IP addresses in specific ranges. It is recommended to limit access to authorized
- IP ranges to ensure that only applications from allowed networks can access
- the cluster.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"field":"Microsoft.ContainerService/managedClusters/apiServerAuthorizedIPRanges","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","type":"Microsoft.Authorization/policyDefinitions","name":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Account Management''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Account Management''. It also creates a system-assigned managed identity
+ and deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName
":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountManagement"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29","type":"Microsoft.Authorization/policyDefinitions","name":"0a9991e6-21be-49f9-8916-a06d934bcf29"}'
headers:
cache-control:
- no-cache
content-length:
- - '1112'
+ - '4414'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:01 GMT
+ - Fri, 06 Dec 2019 22:03:10 GMT
expires:
- '-1'
pragma:
@@ -5272,16 +8495,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0e60b895-3786-45da-8377-9c6b4b6ac5f9'' could not be found."}}'
+ ''0b15565f-aa9e-48ba-8619-45960f2c314d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5290,7 +8513,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:02 GMT
+ - Fri, 06 Dec 2019 22:03:12 GMT
expires:
- '-1'
pragma:
@@ -5316,28 +8539,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Remote debugging should be turned off
- for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
- debugging requires inbound ports to be opened on an function app. Remote debugging
- should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"}'
+ string: '{"properties":{"displayName":"Email notification to subscription owner
+ for high severity alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
+ emailing security alerts to the subscription owner, in order to have them
+ receive security alert emails from Microsoft. This ensures that they are aware
+ of any potential security issues and can mitigate the risk in a timely fashion","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertsToAdmins","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d","type":"Microsoft.Authorization/policyDefinitions","name":"0b15565f-aa9e-48ba-8619-45960f2c314d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1024'
+ - '1149'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:02 GMT
+ - Fri, 06 Dec 2019 22:03:12 GMT
expires:
- '-1'
pragma:
@@ -5367,16 +8592,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''106ccbe4-a791-4f33-a44a-06796944b8d5'' could not be found."}}'
+ ''0b60c0b2-2dc2-4e1c-b5c9-abbed971de53'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5385,7 +8610,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:02 GMT
+ - Fri, 06 Dec 2019 22:03:13 GMT
expires:
- '-1'
pragma:
@@ -5411,44 +8636,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that do not contain the specified certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows VMs that
- do not contain the specified certificates in the Trusted Root Certification
- Authorities certificate store (Cert:\\LocalMachine\\Root). It also creates
- a system-assigned managed identity and deploys the VM extension for Guest
- Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
- thumbprints","description":"A semicolon-separated list of certificate thumbprints
- that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
- e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b2
4988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"}'
+ string: '{"properties":{"displayName":"Key Vault objects should be recoverable","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits if key vault objects are not recoverable. Soft Delete feature
+ helps to effectively hold the resources for a given retention period (90 days)
+ even after a DELETE operation, while giving the appearance that the object
+ is deleted. When ''Purge protection'' is on, a vault or an object in deleted
+ state cannot be purged until the retention period of 90 days has passed. These
+ vaults and objects can still be recovered, assuring customers that the retention
+ policy will be followed.","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","exists":"false"},{"field":"Microsoft.KeyVault/vaults/enableSoftDelete","equals":"false"},{"field":"Microsoft.KeyVault/vaults/enablePurgeProtection","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53","type":"Microsoft.Authorization/policyDefinitions","name":"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53"}'
headers:
cache-control:
- no-cache
content-length:
- - '6272'
+ - '1492'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:02 GMT
+ - Fri, 06 Dec 2019 22:03:13 GMT
expires:
- '-1'
pragma:
@@ -5478,16 +8691,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''11ac78e3-31bc-4f0c-8434-37ab963cea07'' could not be found."}}'
+ ''0c192fe8-9cbb-4516-85b3-0ade8bd03886'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5496,7 +8709,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:03 GMT
+ - Fri, 06 Dec 2019 22:03:15 GMT
expires:
- '-1'
pragma:
@@ -5522,32 +8735,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment
- - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
- VMs as non-compliant if the VM Image (OS) is not in the list defined and the
- agent is not installed. The list of OS images will be updated over time as
- support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"}'
+ string: '{"properties":{"displayName":"Ensure API app has ''Client Certificates
+ (Incoming client certificates)'' set to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client
+ certificates allow for the app to request a certificate for incoming requests.
+ Only clients that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886","type":"Microsoft.Authorization/policyDefinitions","name":"0c192fe8-9cbb-4516-85b3-0ade8bd03886"}'
headers:
cache-control:
- no-cache
content-length:
- - '5737'
+ - '985'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:03 GMT
+ - Fri, 06 Dec 2019 22:03:15 GMT
expires:
- '-1'
pragma:
@@ -5577,16 +8787,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''12ae2d24-3805-4b37-9fa9-465968bfbcfa'' could not be found."}}'
+ ''0d134df8-db83-46fb-ad72-fe0c9428c8dd'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5595,7 +8805,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:03 GMT
+ - Fri, 06 Dec 2019 22:03:16 GMT
expires:
- '-1'
pragma:
@@ -5621,34 +8831,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- System objects''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"valu
e":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"}'
+ string: '{"properties":{"displayName":"SQL server TDE protector should be encrypted
+ with your own key","policyType":"BuiltIn","mode":"Indexed","description":"Transparent
+ Data Encryption (TDE) with your own key support provides increased transparency
+ and control over the TDE Protector, increased security with an HSM-backed
+ external service, and promotion of separation of duties.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/encryptionProtector","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/encryptionProtector/serverKeyType","equals":"AzureKeyVault"},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","notEquals":""},{"field":"Microsoft.Sql/servers/encryptionProtector/uri","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd","type":"Microsoft.Authorization/policyDefinitions","name":"0d134df8-db83-46fb-ad72-fe0c9428c8dd"}'
headers:
cache-control:
- no-cache
content-length:
- - '4380'
+ - '1286'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:03 GMT
+ - Fri, 06 Dec 2019 22:03:16 GMT
expires:
- '-1'
pragma:
@@ -5678,16 +8883,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''12f7e5d0-42a7-4630-80d8-54fb7cff9bd6'' could not be found."}}'
+ ''0d9b45ff-9ddd-43fc-bf59-fbd1c8423053'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5696,7 +8901,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:04 GMT
+ - Fri, 06 Dec 2019 22:03:17 GMT
expires:
- '-1'
pragma:
@@ -5722,43 +8927,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not have the specified applications installed. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application
- names (supports wildcards)","description":"A semicolon-separated list of the
- names of the applications that should be installed. e.g. ''Microsoft SQL Server
- 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
- (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorizati
on/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
- ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs on which Windows Defender Exploit Guard is not enabled","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines on which Windows Defender Exploit Guard
+ is not enabled. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExploitGuard","existenceCondition":{"field":"Microsoft.GuestConfi
guration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053","type":"Microsoft.Authorization/policyDefinitions","name":"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053"}'
headers:
cache-control:
- no-cache
content-length:
- - '6164'
+ - '2765'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:04 GMT
+ - Fri, 06 Dec 2019 22:03:18 GMT
expires:
- '-1'
pragma:
@@ -5788,16 +8980,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''144f1397-32f9-4598-8c88-118decc3ccba'' could not be found."}}'
+ ''0da106f2-4ca3-48e8-bc85-c638fe6aea8f'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5806,7 +8998,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:05 GMT
+ - Fri, 06 Dec 2019 22:03:19 GMT
expires:
- '-1'
pragma:
@@ -5832,43 +9024,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs in which the Administrators group contains any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- in which the Administrators group contains any of the specified members. It
- also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"Members
- to exclude","description":"A semicolon-separated list of members that should
- be excluded in the Administrators local group. Ex: Administrator; myUser1;
- myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382
dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
- ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"}'
+ string: '{"properties":{"displayName":"Managed identity should be used in your
+ Function App","policyType":"BuiltIn","mode":"Indexed","description":"Use a
+ managed identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f","type":"Microsoft.Authorization/policyDefinitions","name":"0da106f2-4ca3-48e8-bc85-c638fe6aea8f"}'
headers:
cache-control:
- no-cache
content-length:
- - '6070'
+ - '979'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:05 GMT
+ - Fri, 06 Dec 2019 22:03:20 GMT
expires:
- '-1'
pragma:
@@ -5898,16 +9075,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''16390df4-2f73-4b42-af13-c801066763df'' could not be found."}}'
+ ''0e246bcf-5f6f-4f87-bc6f-775d4712c7ea'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -5916,7 +9093,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:05 GMT
+ - Fri, 06 Dec 2019 22:03:21 GMT
expires:
- '-1'
pragma:
@@ -5942,38 +9119,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that do not have a minimum password age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not have a minimum password age of 1 day. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"}'
+ string: '{"properties":{"displayName":"[Preview]: Authorized IP ranges should
+ be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Restrict
+ access to the Kubernetes Service Management API by granting API access only
+ to IP addresses in specific ranges. It is recommended to limit access to authorized
+ IP ranges to ensure that only applications from allowed networks can access
+ the cluster.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"field":"Microsoft.ContainerService/managedClusters/apiServerAuthorizedIPRanges","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea","type":"Microsoft.Authorization/policyDefinitions","name":"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea"}'
headers:
cache-control:
- no-cache
content-length:
- - '5168'
+ - '1112'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:05 GMT
+ - Fri, 06 Dec 2019 22:03:21 GMT
expires:
- '-1'
pragma:
@@ -6003,16 +9172,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''16f9b37c-4408-4c30-bc17-254958f2e2d6'' could not be found."}}'
+ ''0e60b895-3786-45da-8377-9c6b4b6ac5f9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6021,7 +9190,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:05 GMT
+ - Fri, 06 Dec 2019 22:03:22 GMT
expires:
- '-1'
pragma:
@@ -6047,30 +9216,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs that
- do not have the specified Windows PowerShell modules installed","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not have the specified Windows PowerShell
- modules installed. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"}'
+ string: '{"properties":{"displayName":"Remote debugging should be turned off
+ for Function Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
+ debugging requires inbound ports to be opened on an function app. Remote debugging
+ should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9","type":"Microsoft.Authorization/policyDefinitions","name":"0e60b895-3786-45da-8377-9c6b4b6ac5f9"}'
headers:
cache-control:
- no-cache
content-length:
- - '2777'
+ - '1024'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:05 GMT
+ - Fri, 06 Dec 2019 22:03:23 GMT
expires:
- '-1'
pragma:
@@ -6100,16 +9267,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''17k78e20-9358-41c9-923c-fb736d382a12'' could not be found."}}'
+ ''0ec47710-77ff-4a3d-9181-6aa50af424d0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6118,7 +9285,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:06 GMT
+ - Fri, 06 Dec 2019 22:03:24 GMT
expires:
- '-1'
pragma:
@@ -6144,27 +9311,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Transparent Data Encryption on SQL databases
- should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"}'
+ string: '{"properties":{"displayName":"Geo-redundant backup should be enabled
+ for Azure Database for MariaDB","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MariaDB with geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMariaDB/servers"},{"field":"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0","type":"Microsoft.Authorization/policyDefinitions","name":"0ec47710-77ff-4a3d-9181-6aa50af424d0"}'
headers:
cache-control:
- no-cache
content-length:
- - '1036'
+ - '904'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:06 GMT
+ - Fri, 06 Dec 2019 22:03:24 GMT
expires:
- '-1'
pragma:
@@ -6194,16 +9362,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1a4e592a-6a6e-44a5-9814-e36264ca96e7'' could not be found."}}'
+ ''0ecd903d-91e7-4726-83d3-a229d7f2e293'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6212,7 +9380,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:07 GMT
+ - Fri, 06 Dec 2019 22:03:26 GMT
expires:
- '-1'
pragma:
@@ -6238,28 +9406,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Azure Monitor log profile should collect
- logs for categories ''write,'' ''delete,'' and ''action''","policyType":"BuiltIn","mode":"All","description":"This
- policy ensures that a log profile collects logs for categories ''write,''
- ''delete,'' and ''action''","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logprofiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/categories[*]","notEquals":"Write"}},{"not":{"field":"Microsoft.Insights/logProfiles/categories[*]","notEquals":"Delete"}},{"not":{"field":"Microsoft.Insights/logProfiles/categories[*]","notEquals":"Action"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","type":"Microsoft.Authorization/policyDefinitions","name":"1a4e592a-6a6e-44a5-9814-e36264ca96e7"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to enable Guest
+ Configuration Policy on Windows VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Windows VMs. This is a prerequisites for Guest
+ Configuration Policy and must be assigned to the scope before using any Guest
+ Configuration policy. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforWindows","existenceCondition":{"allOf":[{"field":"Micros
oft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforWindows"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293","type":"Microsoft.Authorization/policyDefinitions","name":"0ecd903d-91e7-4726-83d3-a229d7f2e293"}'
headers:
cache-control:
- no-cache
content-length:
- - '1197'
+ - '3779'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:07 GMT
+ - Fri, 06 Dec 2019 22:03:27 GMT
expires:
- '-1'
pragma:
@@ -6289,16 +9460,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1a833ff1-d297-4a0f-9944-888428f8e0ff'' could not be found."}}'
+ ''106ccbe4-a791-4f33-a44a-06796944b8d5'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6307,7 +9478,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:07 GMT
+ - Fri, 06 Dec 2019 22:03:28 GMT
expires:
- '-1'
pragma:
@@ -6333,29 +9504,44 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Access to App Services should
- be restricted","policyType":"BuiltIn","mode":"All","description":"Azure security
- center has discovered that the networking configuration of some of your app
- services are overly permissive and allow inbound traffic from ranges that
- are too broad","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Web/sites"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToAppServices","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","type":"Microsoft.Authorization/policyDefinitions","name":"1a833ff1-d297-4a0f-9944-888428f8e0ff"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that do not contain the specified certificates in Trusted Root","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows VMs that
+ do not contain the specified certificates in the Trusted Root Certification
+ Authorities certificate store (Cert:\\LocalMachine\\Root). It also creates
+ a system-assigned managed identity and deploys the VM extension for Guest
+ Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"CertificateThumbprints":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints","description":"A semicolon-separated list of certificate thumbprints
+ that should exist under the Trusted Root certificate store (Cert:\\LocalMachine\\Root).
+ e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b2
4988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
+ ''='', parameters(''CertificateThumbprints'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsCertificateInTrustedRoot"},"CertificateThumbprints":{"value":"[parameters(''CertificateThumbprints'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateThumbprints":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprints'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5","type":"Microsoft.Authorization/policyDefinitions","name":"106ccbe4-a791-4f33-a44a-06796944b8d5"}'
headers:
cache-control:
- no-cache
content-length:
- - '1113'
+ - '6344'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:07 GMT
+ - Fri, 06 Dec 2019 22:03:28 GMT
expires:
- '-1'
pragma:
@@ -6385,16 +9571,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1b7aa243-30e4-4c9e-bca8-d0d3022b634a'' could not be found."}}'
+ ''10c1859c-e1a7-4df3-ab97-a487fa8059f6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6403,7 +9589,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:08 GMT
+ - Fri, 06 Dec 2019 22:03:28 GMT
expires:
- '-1'
pragma:
@@ -6429,29 +9615,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerability assessment should be enabled
- on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- SQL managed instances which do not have recurring vulnerability assessment
- scans enabled. Vulnerability assessment can discover, track, and help you
- remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"}'
+ string: '{"properties":{"displayName":"Ensure that ''.Net Framework'' version
+ is the latest, if used as a part of the Function App","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6","type":"Microsoft.Authorization/policyDefinitions","name":"10c1859c-e1a7-4df3-ab97-a487fa8059f6"}'
headers:
cache-control:
- no-cache
content-length:
- - '1154'
+ - '1274'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:08 GMT
+ - Fri, 06 Dec 2019 22:03:29 GMT
expires:
- '-1'
pragma:
@@ -6481,16 +9669,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1c210e94-a481-4beb-95fa-1571b434fb04'' could not be found."}}'
+ ''10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6499,7 +9687,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:09 GMT
+ - Fri, 06 Dec 2019 22:03:30 GMT
expires:
- '-1'
pragma:
@@ -6525,32 +9713,126 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
- Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
- and the agent is not installed. The list of OS images will be updated over
- time as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ string: '{"properties":{"displayName":"Custom subscription owner roles should
+ not exist","policyType":"BuiltIn","mode":"All","description":"This policy
+ ensures that no custom subscription owner roles exist.","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"},{"anyOf":[{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]","notEquals":"*"}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/permissions.actions[*]","notEquals":"*"}}]},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notIn":["[concat(subscription().id,''/'')]","[subscription().id]","/"]}},{"not":{"field":"Microsoft.Authorization/roleDefinitions/assignableScopes[*]","notLike":"/providers/Microsoft.Management/*"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9","type":"Microsoft.Authorization/policyDefinitions","name":"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1339'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:31 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''11ac78e3-31bc-4f0c-8434-37ab963cea07'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:03:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment
+ - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
+ VMs as non-compliant if the VM Image (OS) is not in the list defined and the
+ agent is not installed. The list of OS images will be updated over time as
+ support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allO
f":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"}'
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"
},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"}'
headers:
cache-control:
- no-cache
content-length:
- - '5233'
+ - '5737'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:09 GMT
+ - Fri, 06 Dec 2019 22:03:32 GMT
expires:
- '-1'
pragma:
@@ -6580,16 +9862,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1d84d5fb-01f6-4d12-ba4f-4a26081d403d'' could not be found."}}'
+ ''12ae2d24-3805-4b37-9fa9-465968bfbcfa'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6598,7 +9880,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:08 GMT
+ - Fri, 06 Dec 2019 22:03:33 GMT
expires:
- '-1'
pragma:
@@ -6624,31 +9906,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Virtual machines should be migrated to
- new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
- new Azure Resource Manager for your virtual machines to provide security enhancements
- such as: stronger access control (RBAC), better auditing, ARM-based deployment
- and governance, access to managed identities, access to key vault for secrets,
- Azure AD-based authentication and support for tags and resource groups for
- easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - System objects''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ System objects''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"valu
e":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemobjects"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa","type":"Microsoft.Authorization/policyDefinitions","name":"12ae2d24-3805-4b37-9fa9-465968bfbcfa"}'
headers:
cache-control:
- no-cache
content-length:
- - '1109'
+ - '4380'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:08 GMT
+ - Fri, 06 Dec 2019 22:03:34 GMT
expires:
- '-1'
pragma:
@@ -6678,112 +9963,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1de7b11d-1870-41a5-8181-507e7c663cfb'' could not be found."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '138'
- content-type:
- - application/json; charset=utf-8
- date:
- - Mon, 09 Sep 2019 23:47:09 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- status:
- code: 404
- message: Not Found
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb?api-version=2019-06-01
- response:
- body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
- that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported .NET Framework version for the latest security classes.
- Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '1213'
- content-type:
- - application/json; charset=utf-8
- date:
- - Mon, 09 Sep 2019 23:47:09 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- transfer-encoding:
- - chunked
- vary:
- - Accept-Encoding,Accept-Encoding
- x-content-type-options:
- - nosniff
- status:
- code: 200
- message: OK
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1e30110a-5ceb-460c-a204-c1c3969c6d62'' could not be found."}}'
+ ''12f7e5d0-42a7-4630-80d8-54fb7cff9bd6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6792,7 +9981,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:09 GMT
+ - Fri, 06 Dec 2019 22:03:35 GMT
expires:
- '-1'
pragma:
@@ -6818,28 +10007,43 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Require tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- a required tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs that do not have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that do not have the specified applications installed. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should be installed. e.g. ''Microsoft SQL Server
+ 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server 2014*''
+ (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","roleDefinitionIds":["/providers/microsoft.authorizati
on/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]bwhitelistedapp;Name'',
+ ''='', parameters(''installedApplication'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[parameters(''installedApplication'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"}'
headers:
cache-control:
- no-cache
content-length:
- - '822'
+ - '6236'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:09 GMT
+ - Fri, 06 Dec 2019 22:03:35 GMT
expires:
- '-1'
pragma:
@@ -6869,16 +10073,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1f314764-cb73-4fc9-b863-8eca98ac36e9'' could not be found."}}'
+ ''144f1397-32f9-4598-8c88-118decc3ccba'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6887,7 +10091,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:10 GMT
+ - Fri, 06 Dec 2019 22:03:36 GMT
expires:
- '-1'
pragma:
@@ -6913,30 +10117,43 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"An Azure Active Directory administrator
- should be provisioned for SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- provisioning of an Azure Active Directory administrator for your SQL server
- to enable Azure AD authentication. Azure AD authentication enables simplified
- permission management and centralized identity management of database users
- and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs in which the Administrators group contains any of the specified members","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ in which the Administrators group contains any of the specified members. It
+ also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MembersToExclude":{"type":"String","metadata":{"displayName":"Members
+ to exclude","description":"A semicolon-separated list of members that should
+ be excluded in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382
dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToExclude'',
+ ''='', parameters(''MembersToExclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToExclude"},"MembersToExclude":{"value":"[parameters(''MembersToExclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToExclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToExclude","value":"[parameters(''MembersToExclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba","type":"Microsoft.Authorization/policyDefinitions","name":"144f1397-32f9-4598-8c88-118decc3ccba"}'
headers:
cache-control:
- no-cache
content-length:
- - '1048'
+ - '6142'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:10 GMT
+ - Fri, 06 Dec 2019 22:03:37 GMT
expires:
- '-1'
pragma:
@@ -6966,16 +10183,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''1f8c20ce-3414-4496-8b26-0e902a1541da'' could not be found."}}'
+ ''16390df4-2f73-4b42-af13-c801066763df'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -6984,7 +10201,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:10 GMT
+ - Fri, 06 Dec 2019 22:03:37 GMT
expires:
- '-1'
pragma:
@@ -7010,48 +10227,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that do not have a minimum password age of 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Shutdown''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"type":"String","metadata":{"displayName":"Shutdown:
- Allow system to be shut down without having to log on","description":"Specifies
- whether a computer can be shut down when a user is not logged on. If this
- policy setting is enabled, the shutdown command is available on the Windows
- logon screen."},"defaultValue":"0"},"ShutdownClearVirtualMemoryPagefile":{"type":"String","metadata":{"displayName":"Shutdown:
- Clear virtual memory pagefile","description":"Specifies whether the virtual
- memory pagefile is cleared when the system is shut down. When this policy
- setting is enabled, the system pagefile is cleared each time that the system
- shuts down properly. For systems with large amounts of RAM, this could result
- in substantial time needed to complete the shutdown."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsShutdown","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurati
onAssignments/parameterHash","equals":"[base64(concat(''Shutdown:
- Allow system to be shut down without having to log on;ExpectedValue'', ''='',
- parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn''), '','',
- ''Shutdown: Clear virtual memory pagefile;ExpectedValue'', ''='', parameters(''ShutdownClearVirtualMemoryPagefile'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsShutdown"},"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},"ShutdownClearVirtualMemoryPagefile":{"value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"type":"string"},"ShutdownClearVirtualMemoryPagefile":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
- Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
- Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"}'
+ that do not have a minimum password age of 1 day. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"}'
headers:
cache-control:
- no-cache
content-length:
- - '6303'
+ - '5240'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:38 GMT
expires:
- '-1'
pragma:
@@ -7081,16 +10288,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''201ea587-7c90-41c3-910f-c280ae01cfd6'' could not be found."}}'
+ ''16f9b37c-4408-4c30-bc17-254958f2e2d6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7099,7 +10306,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:40 GMT
expires:
- '-1'
pragma:
@@ -7125,30 +10332,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"The NSGs rules for web applications on
- IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
- security center has discovered that some of your virtual machines are running
- web applications, and the NSGs associated to these virtual machines are overly
- permissive with regards to the web application ports","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs that
+ do not have the specified Windows PowerShell modules installed","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that do not have the specified Windows PowerShell
+ modules installed. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","existenceCondition":{"field":"Microsoft.GuestConfigur
ation/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6","type":"Microsoft.Authorization/policyDefinitions","name":"16f9b37c-4408-4c30-bc17-254958f2e2d6"}'
headers:
cache-control:
- no-cache
content-length:
- - '1196'
+ - '2777'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:40 GMT
expires:
- '-1'
pragma:
@@ -7178,16 +10385,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''21e2995e-683e-497a-9e81-2f42ad07050a'' could not be found."}}'
+ ''17763ad9-70c0-4794-9397-53d765932634'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7196,7 +10403,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:42 GMT
expires:
- '-1'
pragma:
@@ -7222,31 +10429,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Audit''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Audit''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Aut
horization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"}'
+ string: '{"properties":{"displayName":"Deploy associations for a managed application","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ managed application. This policy deployment does not support nested resource
+ types.","metadata":{"category":"Managed Application"},"parameters":{"targetManagedApplicationId":{"type":"String","metadata":{"displayName":"Managed
+ application Id","description":"Resource ID of the managed application to which
+ resources need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the managed application.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetManagedApplicationId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetManagedApplicationId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetManagedApplicationId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetManagedApplicationId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetManagedApplicationId":{"value":"[parameters(''targetManagedApplicationId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634","type":"Microsoft.Authorization/policyDefinitions","name":"17763ad9-70c0-4794-9397-53d765932634"}'
headers:
cache-control:
- no-cache
content-length:
- - '2638'
+ - '3060'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:42 GMT
expires:
- '-1'
pragma:
@@ -7276,16 +10490,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''224da9fe-0d38-4e79-adb3-0a6e2af942ac'' could not be found."}}'
+ ''17k78e20-9358-41c9-923c-fb736d382a12'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7294,7 +10508,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:43 GMT
expires:
- '-1'
pragma:
@@ -7320,28 +10534,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit API Apps that are
- not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
- of custom domains protects a API app from common attacks such as phishing
- and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"}'
+ string: '{"properties":{"displayName":"Transparent Data Encryption on SQL databases
+ should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"}'
headers:
cache-control:
- no-cache
content-length:
- - '1150'
+ - '1036'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:11 GMT
+ - Fri, 06 Dec 2019 22:03:43 GMT
expires:
- '-1'
pragma:
@@ -7371,16 +10584,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''225e937e-d32e-4713-ab74-13ce95b3519a'' could not be found."}}'
+ ''1a4e592a-6a6e-44a5-9814-e36264ca96e7'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7389,7 +10602,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:12 GMT
+ - Fri, 06 Dec 2019 22:03:44 GMT
expires:
- '-1'
pragma:
@@ -7415,31 +10628,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Account Management''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Account Management''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","type
":"Microsoft.Authorization/policyDefinitions","name":"225e937e-d32e-4713-ab74-13ce95b3519a"}'
+ string: '{"properties":{"displayName":"Azure Monitor log profile should collect
+ logs for categories ''write,'' ''delete,'' and ''action''","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that a log profile collects logs for categories ''write,''
+ ''delete,'' and ''action''","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logprofiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/categories[*]","notEquals":"Write"}},{"not":{"field":"Microsoft.Insights/logProfiles/categories[*]","notEquals":"Delete"}},{"not":{"field":"Microsoft.Insights/logProfiles/categories[*]","notEquals":"Action"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7","type":"Microsoft.Authorization/policyDefinitions","name":"1a4e592a-6a6e-44a5-9814-e36264ca96e7"}'
headers:
cache-control:
- no-cache
content-length:
- - '2690'
+ - '1197'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:12 GMT
+ - Fri, 06 Dec 2019 22:03:45 GMT
expires:
- '-1'
pragma:
@@ -7469,16 +10679,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''22730e10-96f6-4aac-ad84-9383d35b5917'' could not be found."}}'
+ ''1a833ff1-d297-4a0f-9944-888428f8e0ff'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7487,7 +10697,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:13 GMT
+ - Fri, 06 Dec 2019 22:03:46 GMT
expires:
- '-1'
pragma:
@@ -7513,29 +10723,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Management ports should be closed on
- your virtual machines","policyType":"BuiltIn","mode":"All","description":"Open
- remote management ports are exposing your VM to a high level of risk from
- Internet-based attacks. These attacks attempt to brute force credentials to
- gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"}'
+ string: '{"properties":{"displayName":"[Preview]: Access to App Services should
+ be restricted","policyType":"BuiltIn","mode":"All","description":"Azure security
+ center has discovered that the networking configuration of some of your app
+ services are overly permissive and allow inbound traffic from ranges that
+ are too broad","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Web/sites"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToAppServices","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff","type":"Microsoft.Authorization/policyDefinitions","name":"1a833ff1-d297-4a0f-9944-888428f8e0ff"}'
headers:
cache-control:
- no-cache
content-length:
- - '1171'
+ - '1113'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:13 GMT
+ - Fri, 06 Dec 2019 22:03:47 GMT
expires:
- '-1'
pragma:
@@ -7565,16 +10775,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''22bee202-a82f-4305-9a2a-6d7f44d4dedb'' could not be found."}}'
+ ''1b7aa243-30e4-4c9e-bca8-d0d3022b634a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7583,7 +10793,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:13 GMT
+ - Fri, 06 Dec 2019 22:03:48 GMT
expires:
- '-1'
pragma:
@@ -7609,30 +10819,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Only secure connections to your Redis
- Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
- enabling of only connections via SSL to Redis Cache. Use of secure connections
- ensures authentication between the server and the service and protects data
- in transit from network layer attacks such as man-in-the-middle, eavesdropping,
- and session-hijacking","metadata":{"category":"Cache"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/redis"},{"field":"Microsoft.Cache/Redis/enableNonSslPort","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","type":"Microsoft.Authorization/policyDefinitions","name":"22bee202-a82f-4305-9a2a-6d7f44d4dedb"}'
+ string: '{"properties":{"displayName":"Vulnerability assessment should be enabled
+ on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ SQL managed instances which do not have recurring vulnerability assessment
+ scans enabled. Vulnerability assessment can discover, track, and help you
+ remediate potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a","type":"Microsoft.Authorization/policyDefinitions","name":"1b7aa243-30e4-4c9e-bca8-d0d3022b634a"}'
headers:
cache-control:
- no-cache
content-length:
- - '1066'
+ - '1154'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:13 GMT
+ - Fri, 06 Dec 2019 22:03:48 GMT
expires:
- '-1'
pragma:
@@ -7662,16 +10871,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''23020aa6-1135-4be2-bae2-149982b06eca'' could not be found."}}'
+ ''1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7680,7 +10889,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:13 GMT
+ - Fri, 06 Dec 2019 22:03:49 GMT
expires:
- '-1'
pragma:
@@ -7706,39 +10915,33 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that do not restrict the minimum password length to 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not restrict the minimum password length to 14 characters. It also
- creates a system-assigned managed identity and deploys the VM extension for
- Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","roleDefinitionIds":["/providers/microsoft.authorization/role
Definitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"}'
+ string: '{"properties":{"displayName":"Ensure that ''PHP version'' is the latest,
+ if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for API
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba","type":"Microsoft.Authorization/policyDefinitions","name":"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba"}'
headers:
cache-control:
- no-cache
content-length:
- - '5208'
+ - '1856'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:13 GMT
+ - Fri, 06 Dec 2019 22:03:50 GMT
expires:
- '-1'
pragma:
@@ -7768,16 +10971,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''24dde96d-f0b1-425e-884f-4a1421e2dcdc'' could not be found."}}'
+ ''1c210e94-a481-4beb-95fa-1571b434fb04'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7786,7 +10989,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:14 GMT
+ - Fri, 06 Dec 2019 22:03:46 GMT
expires:
- '-1'
pragma:
@@ -7812,30 +11015,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that do not have a maximum password age of 70 days","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not have a maximum password age
- of 70 days. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestC
onfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
+ Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined
+ and the agent is not installed. The list of OS images will be updated over
+ time as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allO
f":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"}'
headers:
cache-control:
- no-cache
content-length:
- - '2748'
+ - '5233'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:14 GMT
+ - Fri, 06 Dec 2019 22:03:47 GMT
expires:
- '-1'
pragma:
@@ -7865,16 +11070,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''26a828e1-e88f-464e-bbb3-c134a282b9de'' could not be found."}}'
+ ''1d84d5fb-01f6-4d12-ba4f-4a26081d403d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7883,7 +11088,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:15 GMT
+ - Fri, 06 Dec 2019 22:03:52 GMT
expires:
- '-1'
pragma:
@@ -7909,29 +11114,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Endpoint protection solution should be
- installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- the existence and health of an endpoint protection solution on your virtual
- machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"}'
+ string: '{"properties":{"displayName":"Virtual machines should be migrated to
+ new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
+ new Azure Resource Manager for your virtual machines to provide security enhancements
+ such as: stronger access control (RBAC), better auditing, ARM-based deployment
+ and governance, access to managed identities, access to key vault for secrets,
+ Azure AD-based authentication and support for tags and resource groups for
+ easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachines"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicCompute/virtualMachines"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1113'
+ - '1235'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:15 GMT
+ - Fri, 06 Dec 2019 22:03:52 GMT
expires:
- '-1'
pragma:
@@ -7961,16 +11168,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7'' could not be found."}}'
+ ''1de7b11d-1870-41a5-8181-507e7c663cfb'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -7979,7 +11186,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:15 GMT
+ - Fri, 06 Dec 2019 22:03:54 GMT
expires:
- '-1'
pragma:
@@ -8005,31 +11212,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Metric alert rules should be configured
- on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- configuration of metric alert rules on Batch account to enable the required
- metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
- name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
- subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
- ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
+ that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported .NET Framework version for the latest security classes.
+ Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb","type":"Microsoft.Authorization/policyDefinitions","name":"1de7b11d-1870-41a5-8181-507e7c663cfb"}'
headers:
cache-control:
- no-cache
content-length:
- - '1489'
+ - '1213'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:15 GMT
+ - Fri, 06 Dec 2019 22:03:54 GMT
expires:
- '-1'
pragma:
@@ -8059,16 +11264,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2835b622-407b-4114-9198-6f7064cbe0dc'' could not be found."}}'
+ ''1e30110a-5ceb-460c-a204-c1c3969c6d62'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8077,7 +11282,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:15 GMT
+ - Fri, 06 Dec 2019 22:03:56 GMT
expires:
- '-1'
pragma:
@@ -8103,36 +11308,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy default Microsoft IaaSAntimalware
- extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy deploys a Microsoft IaaSAntimalware extension with a default configuration
- when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
- delimited list of file paths or locations to exclude from scanning"}},"ExclusionsExtensions":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
- delimited list of file extensions to exclude from scanning"}},"ExclusionsProcesses":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
- delimited list of process names to exclude from scanning"}},"RealtimeProtectionEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Indicates
- whether or not real time protection is enabled (default is true)"}},"ScheduledScanSettingsIsEnabled":{"type":"string","defaultValue":"false","metadata":{"description":"Indicates
- whether or not custom scheduled scan settings are enabled (default is false)"}},"ScheduledScanSettingsScanType":{"type":"string","defaultValue":"Quick","metadata":{"description":"Indicates
- whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
- of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
- to perform the scheduled scan, measured in minutes from midnight (0-1440).
- For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"}'
+ string: '{"properties":{"displayName":"Require tag and its value","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
+ a required tag and its value. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"}'
headers:
cache-control:
- no-cache
content-length:
- - '4556'
+ - '819'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:16 GMT
+ - Fri, 06 Dec 2019 22:03:56 GMT
expires:
- '-1'
pragma:
@@ -8162,16 +11359,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''29829ec2-489d-4925-81b7-bda06b1718e0'' could not be found."}}'
+ ''1f314764-cb73-4fc9-b863-8eca98ac36e9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8180,7 +11377,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:16 GMT
+ - Fri, 06 Dec 2019 22:03:57 GMT
expires:
- '-1'
pragma:
@@ -8206,31 +11403,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - User Account Control''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsUserAccountControl","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0","type":"
Microsoft.Authorization/policyDefinitions","name":"29829ec2-489d-4925-81b7-bda06b1718e0"}'
+ string: '{"properties":{"displayName":"An Azure Active Directory administrator
+ should be provisioned for SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ provisioning of an Azure Active Directory administrator for your SQL server
+ to enable Azure AD authentication. Azure AD authentication enables simplified
+ permission management and centralized identity management of database users
+ and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"}'
headers:
cache-control:
- no-cache
content-length:
- - '2681'
+ - '1048'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:16 GMT
+ - Fri, 06 Dec 2019 22:03:57 GMT
expires:
- '-1'
pragma:
@@ -8260,16 +11456,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2a0e14a6-b0a6-4fab-991a-187a4f81c498'' could not be found."}}'
+ ''1f6e93e8-6b31-41b1-83f6-36e449a42579'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8278,7 +11474,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:16 GMT
+ - Fri, 06 Dec 2019 22:03:58 GMT
expires:
- '-1'
pragma:
@@ -8304,32 +11500,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Append tag and its default value","policyType":"BuiltIn","mode":"Indexed","description":"Appends
- the specified tag and value when any resource which is missing this tag is
- created or updated. Does not modify the tags of resources created before this
- policy was applied until those resources are changed. Does not apply to resource
- groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Event
+ Hub to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Log Analytics
+ workspace when any Event Hub which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579","type":"Microsoft.Authorization/policyDefinitions","name":"1f6e93e8-6b31-41b1-83f6-36e449a42579"}'
headers:
cache-control:
- no-cache
content-length:
- - '1085'
+ - '4108'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:16 GMT
+ - Fri, 06 Dec 2019 22:03:59 GMT
expires:
- '-1'
pragma:
@@ -8359,16 +11562,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2c89a2e5-7285-40fe-afe0-ae8654b92fb2'' could not be found."}}'
+ ''1f8c20ce-3414-4496-8b26-0e902a1541da'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8377,7 +11580,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:17 GMT
+ - Fri, 06 Dec 2019 22:04:00 GMT
expires:
- '-1'
pragma:
@@ -8403,26 +11606,48 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Unattached disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Shutdown''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Shutdown''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"type":"String","metadata":{"displayName":"Shutdown:
+ Allow system to be shut down without having to log on","description":"Specifies
+ whether a computer can be shut down when a user is not logged on. If this
+ policy setting is enabled, the shutdown command is available on the Windows
+ logon screen."},"defaultValue":"0"},"ShutdownClearVirtualMemoryPagefile":{"type":"String","metadata":{"displayName":"Shutdown:
+ Clear virtual memory pagefile","description":"Specifies whether the virtual
+ memory pagefile is cleared when the system is shut down. When this policy
+ setting is enabled, the system pagefile is cleared each time that the system
+ shuts down properly. For systems with large amounts of RAM, this could result
+ in substantial time needed to complete the shutdown."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsShutdown","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurati
onAssignments/parameterHash","equals":"[base64(concat(''Shutdown:
+ Allow system to be shut down without having to log on;ExpectedValue'', ''='',
+ parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn''), '','',
+ ''Shutdown: Clear virtual memory pagefile;ExpectedValue'', ''='', parameters(''ShutdownClearVirtualMemoryPagefile'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsShutdown"},"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},"ShutdownClearVirtualMemoryPagefile":{"value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn":{"type":"string"},"ShutdownClearVirtualMemoryPagefile":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Shutdown:
+ Allow system to be shut down without having to log on;ExpectedValue","value":"[parameters(''ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'')]"},{"name":"Shutdown:
+ Clear virtual memory pagefile;ExpectedValue","value":"[parameters(''ShutdownClearVirtualMemoryPagefile'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da","type":"Microsoft.Authorization/policyDefinitions","name":"1f8c20ce-3414-4496-8b26-0e902a1541da"}'
headers:
cache-control:
- no-cache
content-length:
- - '1007'
+ - '6303'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:17 GMT
+ - Fri, 06 Dec 2019 22:04:01 GMT
expires:
- '-1'
pragma:
@@ -8452,16 +11677,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2d60d3b7-aa10-454c-88a8-de39d99d17c6'' could not be found."}}'
+ ''201ea587-7c90-41c3-910f-c280ae01cfd6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8470,7 +11695,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:17 GMT
+ - Fri, 06 Dec 2019 22:04:01 GMT
expires:
- '-1'
pragma:
@@ -8496,30 +11721,128 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"The NSGs rules for web applications on
+ IaaS should be hardened","policyType":"BuiltIn","mode":"All","description":"Azure
+ security center has discovered that some of your virtual machines are running
+ web applications, and the NSGs associated to these virtual machines are overly
+ permissive with regards to the web application ports","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1196'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:02 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''21e2995e-683e-497a-9e81-2f42ad07050a'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:04:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that do not store passwords using reversible encryption","policyType":"BuiltIn","mode":"All","description":"This
+ VMs configurations in ''Security Options - Audit''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not store passwords using reversible
- encryption. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","existenceCondition":{"field":"Microsoft.Gues
tConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","type":"Microsoft.Authorization/policyDefinitions","name":"2d60d3b7-aa10-454c-88a8-de39d99d17c6"}'
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Audit''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a","type":"Microsoft.Aut
horization/policyDefinitions","name":"21e2995e-683e-497a-9e81-2f42ad07050a"}'
headers:
cache-control:
- no-cache
content-length:
- - '2779'
+ - '2638'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:17 GMT
+ - Fri, 06 Dec 2019 22:04:05 GMT
expires:
- '-1'
pragma:
@@ -8549,16 +11872,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2d67222d-05fd-4526-a171-2ee132ad9e83'' could not be found."}}'
+ ''224da9fe-0d38-4e79-adb3-0a6e2af942ac'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8567,7 +11890,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:18 GMT
+ - Fri, 06 Dec 2019 22:04:05 GMT
expires:
- '-1'
pragma:
@@ -8593,30 +11916,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Linux
- VMs that allow remote connections from accounts without passwords","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Linux virtual machines that allow remote connections from accounts
- without passwords. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit API Apps that are
+ not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
+ of custom domains protects a API app from common attacks such as phishing
+ and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac","type":"Microsoft.Authorization/policyDefinitions","name":"224da9fe-0d38-4e79-adb3-0a6e2af942ac"}'
headers:
cache-control:
- no-cache
content-length:
- - '3214'
+ - '1150'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:18 GMT
+ - Fri, 06 Dec 2019 22:04:06 GMT
expires:
- '-1'
pragma:
@@ -8646,112 +11967,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2fde8a98-6892-426a-83ba-050e640c0ce0'' could not be found."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '138'
- content-type:
- - application/json; charset=utf-8
- date:
- - Mon, 09 Sep 2019 23:47:18 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- status:
- code: 404
- message: Not Found
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0?api-version=2019-06-01
- response:
- body:
- string: '{"properties":{"displayName":"[Deprecated]: Web Application should
- only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
- of HTTPS ensures server/service authentication and protects data in transit
- from network layer eavesdropping attacks.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0","type":"Microsoft.Authorization/policyDefinitions","name":"2fde8a98-6892-426a-83ba-050e640c0ce0"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '1247'
- content-type:
- - application/json; charset=utf-8
- date:
- - Mon, 09 Sep 2019 23:47:18 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- transfer-encoding:
- - chunked
- vary:
- - Accept-Encoding,Accept-Encoding
- x-content-type-options:
- - nosniff
- status:
- code: 200
- message: OK
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''30040dab-4e75-4456-8273-14b8f75d91d9'' could not be found."}}'
+ ''225e937e-d32e-4713-ab74-13ce95b3519a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8760,7 +11985,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:18 GMT
+ - Fri, 06 Dec 2019 22:04:07 GMT
expires:
- '-1'
pragma:
@@ -8786,31 +12011,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Network Access''","policyType":"BuiltIn","mode":"All","description":"This
+ VMs configurations in ''System Audit Policies - Account Management''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Network Access''. For more information on Guest
- Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","type":"Micro
soft.Authorization/policyDefinitions","name":"30040dab-4e75-4456-8273-14b8f75d91d9"}'
+ category: ''System Audit Policies - Account Management''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountManagement","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a","type
":"Microsoft.Authorization/policyDefinitions","name":"225e937e-d32e-4713-ab74-13ce95b3519a"}'
headers:
cache-control:
- no-cache
content-length:
- - '2664'
+ - '2690'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:18 GMT
+ - Fri, 06 Dec 2019 22:04:08 GMT
expires:
- '-1'
pragma:
@@ -8840,16 +12065,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''315c850a-272d-4502-8935-b79010405970'' could not be found."}}'
+ ''22730e10-96f6-4aac-ad84-9383d35b5917'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8858,7 +12083,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:19 GMT
+ - Fri, 06 Dec 2019 22:04:09 GMT
expires:
- '-1'
pragma:
@@ -8884,41 +12109,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that are not joined to the specified domain. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
- Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
- Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-
ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
- ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"}'
+ string: '{"properties":{"displayName":"Management ports should be closed on
+ your virtual machines","policyType":"BuiltIn","mode":"All","description":"Open
+ remote management ports are exposing your VM to a high level of risk from
+ Internet-based attacks. These attacks attempt to brute force credentials to
+ gain admin access to the machine.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"restrictAccessToManagementPorts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917","type":"Microsoft.Authorization/policyDefinitions","name":"22730e10-96f6-4aac-ad84-9383d35b5917"}'
headers:
cache-control:
- no-cache
content-length:
- - '5907'
+ - '1171'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:19 GMT
+ - Fri, 06 Dec 2019 22:04:09 GMT
expires:
- '-1'
pragma:
@@ -8948,16 +12161,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''32133ab0-ee4b-4b44-98d6-042180979d50'' could not be found."}}'
+ ''22bee202-a82f-4305-9a2a-6d7f44d4dedb'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -8966,7 +12179,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:19 GMT
+ - Fri, 06 Dec 2019 22:04:10 GMT
expires:
- '-1'
pragma:
@@ -8992,32 +12205,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent
- Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
- VMs as non-compliant if the VM Image (OS) is not in the list defined and the
- agent is not installed. The list of OS images will be updated over time as
- support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"}'
+ string: '{"properties":{"displayName":"Only secure connections to your Redis
+ Cache should be enabled","policyType":"BuiltIn","mode":"All","description":"Audit
+ enabling of only connections via SSL to Redis Cache. Use of secure connections
+ ensures authentication between the server and the service and protects data
+ in transit from network layer attacks such as man-in-the-middle, eavesdropping,
+ and session-hijacking","metadata":{"category":"Cache"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/redis"},{"field":"Microsoft.Cache/Redis/enableNonSslPort","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","type":"Microsoft.Authorization/policyDefinitions","name":"22bee202-a82f-4305-9a2a-6d7f44d4dedb"}'
headers:
cache-control:
- no-cache
content-length:
- - '5925'
+ - '1066'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:20 GMT
+ - Fri, 06 Dec 2019 22:04:11 GMT
expires:
- '-1'
pragma:
@@ -9047,16 +12258,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''32b1e4d4-6cd5-47b4-a935-169da8a5c262'' could not be found."}}'
+ ''23020aa6-1135-4be2-bae2-149982b06eca'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9065,7 +12276,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:20 GMT
+ - Fri, 06 Dec 2019 22:04:12 GMT
expires:
- '-1'
pragma:
@@ -9091,42 +12302,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs on which the specified services are not installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that do not restrict the minimum password length to 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
- on which the specified services are not installed and ''Running''. It also
+ that do not restrict the minimum password length to 14 characters. It also
creates a system-assigned managed identity and deploys the VM extension for
Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
- names (supports wildcards)","description":"A semicolon-separated list of the
- names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
- ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"}'
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"}'
headers:
cache-control:
- no-cache
content-length:
- - '6006'
+ - '5280'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:20 GMT
+ - Fri, 06 Dec 2019 22:04:12 GMT
expires:
- '-1'
pragma:
@@ -9156,16 +12364,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3470477a-b35a-49db-aca5-1073d04524fe'' could not be found."}}'
+ ''235359c5-7c52-4b82-9055-01c75cf9f60e'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9174,7 +12382,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:20 GMT
+ - Fri, 06 Dec 2019 22:04:14 GMT
expires:
- '-1'
pragma:
@@ -9200,38 +12408,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Linux virtual machines
- that have accounts without passwords. It also creates a system-assigned managed
- identity and deploys the VM extension for Guest Configuration. This policy
- should only be used along with its corresponding audit policy in an initiative.
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"}'
+ string: '{"properties":{"displayName":"Service Bus should use a virtual network
+ service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Service Bus not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.ServiceBus/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e","type":"Microsoft.Authorization/policyDefinitions","name":"235359c5-7c52-4b82-9055-01c75cf9f60e"}'
headers:
cache-control:
- no-cache
content-length:
- - '5588'
+ - '1009'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:20 GMT
+ - Fri, 06 Dec 2019 22:04:14 GMT
expires:
- '-1'
pragma:
@@ -9261,16 +12459,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''34c877ad-507e-4c82-993e-3452a6e0ad3c'' could not be found."}}'
+ ''237e0f7e-b0e8-4ec4-ad46-8c12cb66d673'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9279,7 +12477,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:21 GMT
+ - Fri, 06 Dec 2019 22:04:16 GMT
expires:
- '-1'
pragma:
@@ -9305,31 +12503,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Audit unrestricted network access to
- storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- unrestricted network access in your storage account firewall settings. Instead,
- configure network rules so only applications from allowed networks can access
- the storage account. To allow connections from specific internet or on-premise
- clients, access can be granted to traffic from specific Azure virtual networks
- or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Stream
+ Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Log Analytics
+ workspace when any Stream Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673","type":"Microsoft.Authorization/policyDefinitions","name":"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673"}'
headers:
cache-control:
- no-cache
content-length:
- - '1158'
+ - '3811'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:21 GMT
+ - Fri, 06 Dec 2019 22:04:16 GMT
expires:
- '-1'
pragma:
@@ -9359,16 +12565,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''34f95f76-5386-4de7-b824-0d8478470c9d'' could not be found."}}'
+ ''24dde96d-f0b1-425e-884f-4a1421e2dcdc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9377,7 +12583,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:21 GMT
+ - Fri, 06 Dec 2019 22:04:18 GMT
expires:
- '-1'
pragma:
@@ -9403,31 +12609,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Logic Apps should
- be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that do not have a maximum password age of 70 days","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that do not have a maximum password age
+ of 70 days. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestC
onfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"}'
headers:
cache-control:
- no-cache
content-length:
- - '1780'
+ - '2748'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:21 GMT
+ - Fri, 06 Dec 2019 22:04:19 GMT
expires:
- '-1'
pragma:
@@ -9457,16 +12662,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''356a906e-05e5-4625-8729-90771e0ee934'' could not be found."}}'
+ ''25763a0a-5783-4f14-969e-79d4933eb74b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9475,7 +12680,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:22 GMT
+ - Fri, 06 Dec 2019 22:04:19 GMT
expires:
- '-1'
pragma:
@@ -9501,38 +12706,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that do not have a maximum password age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not have a maximum password age of 70 days. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","roleDefinit
ionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Data Lake
+ Storage Gen1 to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Log Analytics workspace when any Data Lake Storage Gen1 which is missing this
+ diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b","type":"Microsoft.Authorization/policyDefinitions","name":"25763a0a-5783-4f14-969e-79d4933eb74b"}'
headers:
cache-control:
- no-cache
content-length:
- - '5172'
+ - '3810'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:22 GMT
+ - Fri, 06 Dec 2019 22:04:20 GMT
expires:
- '-1'
pragma:
@@ -9562,16 +12768,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'' could not be found."}}'
+ ''26a828e1-e88f-464e-bbb3-c134a282b9de'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9580,7 +12786,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:22 GMT
+ - Fri, 06 Dec 2019 22:04:21 GMT
expires:
- '-1'
pragma:
@@ -9606,29 +12812,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"CORS should not allow every resource
- to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
- Resource Sharing (CORS) should not allow all domains to access your API app.
- Allow only required domains to interact with your API app.","metadata":{"category":"App
- Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"}'
+ string: '{"properties":{"displayName":"Endpoint protection solution should be
+ installed on virtual machine scale sets","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ the existence and health of an endpoint protection solution on your virtual
+ machines scale sets, to protect them from threats and vulnerabilities.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EndpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de","type":"Microsoft.Authorization/policyDefinitions","name":"26a828e1-e88f-464e-bbb3-c134a282b9de"}'
headers:
cache-control:
- no-cache
content-length:
- - '1056'
+ - '1113'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:22 GMT
+ - Fri, 06 Dec 2019 22:04:22 GMT
expires:
- '-1'
pragma:
@@ -9658,16 +12864,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''35f9c03a-cc27-418e-9c0c-539ff999d010'' could not be found."}}'
+ ''26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9676,7 +12882,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:22 GMT
+ - Fri, 06 Dec 2019 22:04:23 GMT
expires:
- '-1'
pragma:
@@ -9702,28 +12908,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Gateway subnets should not be configured
- with a network security group","policyType":"BuiltIn","mode":"All","description":"This
- policy denies if a gateway subnet is configured with a network security group.
- Assigning a network security group to a gateway subnet will cause the gateway
- to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"}'
+ string: '{"properties":{"displayName":"Metric alert rules should be configured
+ on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ configuration of metric alert rules on Batch account to enable the required
+ metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric
+ name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'',
+ subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name,
+ ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"}'
headers:
cache-control:
- no-cache
content-length:
- - '845'
+ - '1489'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:22 GMT
+ - Fri, 06 Dec 2019 22:04:24 GMT
expires:
- '-1'
pragma:
@@ -9753,16 +12962,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''361c2074-3595-4e5d-8cab-4f21dffc835c'' could not be found."}}'
+ ''2835b622-407b-4114-9198-6f7064cbe0dc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9771,7 +12980,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:23 GMT
+ - Fri, 06 Dec 2019 22:04:24 GMT
expires:
- '-1'
pragma:
@@ -9797,28 +13006,36 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Advanced Threat Protection on
- Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"}'
+ string: '{"properties":{"displayName":"Deploy default Microsoft IaaSAntimalware
+ extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy deploys a Microsoft IaaSAntimalware extension with a default configuration
+ when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
+ delimited list of file paths or locations to exclude from scanning"}},"ExclusionsExtensions":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
+ delimited list of file extensions to exclude from scanning"}},"ExclusionsProcesses":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon
+ delimited list of process names to exclude from scanning"}},"RealtimeProtectionEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Indicates
+ whether or not real time protection is enabled (default is true)"}},"ScheduledScanSettingsIsEnabled":{"type":"string","defaultValue":"false","metadata":{"description":"Indicates
+ whether or not custom scheduled scan settings are enabled (default is false)"}},"ScheduledScanSettingsScanType":{"type":"string","defaultValue":"Quick","metadata":{"description":"Indicates
+ whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day
+ of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When
+ to perform the scheduled scan, measured in minutes from midnight (0-1440).
+ For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"}'
headers:
cache-control:
- no-cache
content-length:
- - '1651'
+ - '4556'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:24 GMT
+ - Fri, 06 Dec 2019 22:04:25 GMT
expires:
- '-1'
pragma:
@@ -9848,16 +13065,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3657f5a0-770e-44a3-b44e-9431ba1e9735'' could not be found."}}'
+ ''29829ec2-489d-4925-81b7-bda06b1718e0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9866,7 +13083,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:23 GMT
+ - Fri, 06 Dec 2019 22:04:26 GMT
expires:
- '-1'
pragma:
@@ -9892,28 +13109,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Automation account variables should be
- encrypted","policyType":"BuiltIn","mode":"All","description":"It is important
- to enable encryption of Automation account variable assets when storing sensitive
- data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - User Account Control''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - User Account Control''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsUserAccountControl","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0","type":"
Microsoft.Authorization/policyDefinitions","name":"29829ec2-489d-4925-81b7-bda06b1718e0"}'
headers:
cache-control:
- no-cache
content-length:
- - '913'
+ - '2681'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:23 GMT
+ - Fri, 06 Dec 2019 22:04:27 GMT
expires:
- '-1'
pragma:
@@ -9943,16 +13163,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''36d49e87-48c4-4f2e-beed-ba4ed02b71f5'' could not be found."}}'
+ ''2a0e14a6-b0a6-4fab-991a-187a4f81c498'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -9961,7 +13181,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:24 GMT
+ - Fri, 06 Dec 2019 22:04:29 GMT
expires:
- '-1'
pragma:
@@ -9987,26 +13207,33 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"}'
+ string: '{"properties":{"displayName":"Append tag and its default value","policyType":"BuiltIn","mode":"Indexed","description":"Appends
+ the specified tag and value when any resource which is missing this tag is
+ created or updated. Does not modify the tags of resources created before this
+ policy was applied until those resources are changed. Does not apply to resource
+ groups. New ''modify'' effect policies are available that support remediation
+ of tags on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"}'
headers:
cache-control:
- no-cache
content-length:
- - '1349'
+ - '1212'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:24 GMT
+ - Fri, 06 Dec 2019 22:04:29 GMT
expires:
- '-1'
pragma:
@@ -10036,16 +13263,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''36e17963-7202-494a-80c3-f508211c826b'' could not be found."}}'
+ ''2b9ad585-36bc-4615-b300-fd4435808332'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10054,7 +13281,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:24 GMT
+ - Fri, 06 Dec 2019 22:04:30 GMT
expires:
- '-1'
pragma:
@@ -10080,69 +13307,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Network Security''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Network Security''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"type":"String","metadata":{"displayName":"Network
- Security: Configure encryption types allowed for Kerberos","description":"Specifies
- the encryption types that Kerberos is allowed to use."},"defaultValue":"2147483644"},"NetworkSecurityLANManagerAuthenticationLevel":{"type":"String","metadata":{"displayName":"Network
- security: LAN Manager authentication level","description":"Specify which challenge-response
- authentication protocol is used for network logons. This choice affects the
- level of authentication protocol used by clients, the level of session security
- negotiated, and the level of authentication accepted by servers."},"defaultValue":"5"},"NetworkSecurityLDAPClientSigningRequirements":{"type":"String","metadata":{"displayName":"Network
- security: LDAP client signing requirements","description":"Specify the level
- of data signing that is requested on behalf of clients that issue LDAP BIND
- requests."},"defaultValue":"1"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"type":"String","metadata":{"displayName":"Network
- security: Minimum session security for NTLM SSP based (including secure RPC)
- clients","description":"Specifies which behaviors are allowed by clients for
- applications using the NTLM Security Support Provider (SSP). The SSP Interface
- (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers
- for more information."},"defaultValue":"537395200"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"type":"String","metadata":{"displayName":"Network
- security: Minimum session security for NTLM SSP based (including secure RPC)
- servers","description":"Specifies which behaviors are allowed by servers for
- applications using the NTLM Security Support Provider (SSP). The SSP Interface
- (SSPI) is used by applications that need authentication services."},"defaultValue":"537395200"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkSecurity","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestCo
nfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Network
- Security: Configure encryption types allowed for Kerberos;ExpectedValue'',
- ''='', parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos''),
- '','', ''Network security: LAN Manager authentication level;ExpectedValue'',
- ''='', parameters(''NetworkSecurityLANManagerAuthenticationLevel''), '','',
- ''Network security: LDAP client signing requirements;ExpectedValue'', ''='',
- parameters(''NetworkSecurityLDAPClientSigningRequirements''), '','', ''Network
- security: Minimum session security for NTLM SSP based (including secure RPC)
- clients;ExpectedValue'', ''='', parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients''),
- '','', ''Network security: Minimum session security for NTLM SSP based (including
- secure RPC) servers;ExpectedValue'', ''='', parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsNetworkSecurity"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'')]"},"NetworkSecurityLANManagerAuthenticationLevel":{"value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel'')]"},"NetworkSecurityLDAPClientSigningRequirements":{"value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"type":"string"},"NetworkSecurityLANManagerAuthenticationLevel":{"type":"string"},"NetworkSecurityLDAPClientSigningRequirements":{"type":"string"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"type":"string"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Network
- Security: Configure encryption types allowed for Kerberos;ExpectedValue","value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'')]"},{"name":"Network
- security: LAN Manager authentication level;ExpectedValue","value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel'')]"},{"name":"Network
- security: LDAP client signing requirements;ExpectedValue","value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements'')]"},{"name":"Network
- security: Minimum session security for NTLM SSP based (including secure RPC)
- clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
- security: Minimum session security for NTLM SSP based (including secure RPC)
- servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"}'
+ string: '{"properties":{"displayName":"Managed identity should be used in your
+ Web App","policyType":"BuiltIn","mode":"Indexed","description":"Use a managed
+ identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332","type":"Microsoft.Authorization/policyDefinitions","name":"2b9ad585-36bc-4615-b300-fd4435808332"}'
headers:
cache-control:
- no-cache
content-length:
- - '9632'
+ - '966'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:25 GMT
+ - Fri, 06 Dec 2019 22:04:31 GMT
expires:
- '-1'
pragma:
@@ -10172,16 +13358,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3750712b-43d0-478e-9966-d2c26f6141b9'' could not be found."}}'
+ ''2c89a2e5-7285-40fe-afe0-ae8654b92fb2'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10190,7 +13376,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:26 GMT
+ - Fri, 06 Dec 2019 22:04:33 GMT
expires:
- '-1'
pragma:
@@ -10216,34 +13402,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Interactive Logon''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"v
alue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"}'
+ string: '{"properties":{"displayName":"Unattached disks should be encrypted","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any unattached disk without encryption enabled.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/disks"},{"field":"Microsoft.Compute/disks/diskState","equals":"Unattached"},{"anyOf":[{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","exists":"false"},{"field":"Microsoft.Compute/disks/encryptionSettingsCollection.enabled","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2","type":"Microsoft.Authorization/policyDefinitions","name":"2c89a2e5-7285-40fe-afe0-ae8654b92fb2"}'
headers:
cache-control:
- no-cache
content-length:
- - '4392'
+ - '1007'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:26 GMT
+ - Fri, 06 Dec 2019 22:04:33 GMT
expires:
- '-1'
pragma:
@@ -10273,16 +13451,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''37e0d2fe-28a5-43d6-a273-67d37d1f5606'' could not be found."}}'
+ ''2d21331d-a4c2-4def-a9ad-ee4e1e023beb'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10291,7 +13469,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:26 GMT
+ - Fri, 06 Dec 2019 22:04:35 GMT
expires:
- '-1'
pragma:
@@ -10317,31 +13495,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Storage accounts should be migrated to
- new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
- new Azure Resource Manager for your storage accounts to provide security enhancements
- such as: stronger access control (RBAC), better auditing, Azure Resource Manager
- based deployment and governance, access to managed identities, access to key
- vault for secrets, Azure AD-based authentication and support for tags and
- resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"}'
+ string: '{"properties":{"displayName":"App Service should use a virtual network
+ service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any App Service not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/virtualNetworkConnections","existenceCondition":{"field":"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb","type":"Microsoft.Authorization/policyDefinitions","name":"2d21331d-a4c2-4def-a9ad-ee4e1e023beb"}'
headers:
cache-control:
- no-cache
content-length:
- - '1128'
+ - '1020'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:26 GMT
+ - Fri, 06 Dec 2019 22:04:35 GMT
expires:
- '-1'
pragma:
@@ -10371,16 +13546,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''383856f8-de7f-44a2-81fc-e5135b5c2aa4'' could not be found."}}'
+ ''2d60d3b7-aa10-454c-88a8-de39d99d17c6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10389,7 +13564,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:27 GMT
+ - Fri, 06 Dec 2019 22:04:36 GMT
expires:
- '-1'
pragma:
@@ -10415,31 +13590,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in IoT Hub should be
- enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that do not store passwords using reversible encryption","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that do not store passwords using reversible
+ encryption. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","existenceCondition":{"field":"Microsoft.Gues
tConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","type":"Microsoft.Authorization/policyDefinitions","name":"2d60d3b7-aa10-454c-88a8-de39d99d17c6"}'
headers:
cache-control:
- no-cache
content-length:
- - '1785'
+ - '2779'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:27 GMT
+ - Fri, 06 Dec 2019 22:04:36 GMT
expires:
- '-1'
pragma:
@@ -10469,16 +13643,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3965c43d-b5f4-482e-b74a-d89ee0e0b3a8'' could not be found."}}'
+ ''2d67222d-05fd-4526-a171-2ee132ad9e83'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10487,7 +13661,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:27 GMT
+ - Fri, 06 Dec 2019 22:04:38 GMT
expires:
- '-1'
pragma:
@@ -10513,29 +13687,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Advanced data security settings for SQL
- managed instance should contain an email address to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
- that an email address is provided for the ''Send alerts to'' field in the
- Advanced Data Security server settings. This email address receives alert
- notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Linux
+ VMs that allow remote connections from accounts without passwords","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Linux virtual machines that allow remote connections from accounts
+ without passwords. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"}'
headers:
cache-control:
- no-cache
content-length:
- - '1325'
+ - '3214'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:27 GMT
+ - Fri, 06 Dec 2019 22:04:39 GMT
expires:
- '-1'
pragma:
@@ -10565,16 +13740,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3abeb944-26af-43ee-b83d-32aaf060fb94'' could not be found."}}'
+ ''2f2ee1de-44aa-4762-b6bd-0893fc3f306d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10583,7 +13758,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:27 GMT
+ - Fri, 06 Dec 2019 22:04:39 GMT
expires:
- '-1'
pragma:
@@ -10609,30 +13784,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Pod Security Policies should
- be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
- Pod Security Policies to reduce the attack vector by removing unnecessary
- application privileges. It is recommended to configure Pod Security Policies
- to only allow pods to access the resources which they have permissions to
- access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"}'
+ string: '{"properties":{"displayName":"[Preview]: Network traffic data collection
+ agent should be installed on Windows virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"Security
+ Center uses the Microsoft Monitoring Dependency Agent to collect network traffic
+ data from your Azure virtual machines to enable advanced network protection
+ features such as traffic visualization on the network map, network hardening
+ recommendations and specific network threats.","metadata":{"category":"Monitoring","preview":"true"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable Dependency Agent for Windows VMs monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{
"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d","type":"Microsoft.Authorization/policyDefinitions","name":"2f2ee1de-44aa-4762-b6bd-0893fc3f306d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1199'
+ - '4043'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:27 GMT
+ - Fri, 06 Dec 2019 22:04:40 GMT
expires:
- '-1'
pragma:
@@ -10662,16 +13837,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3be22e3b-d919-47aa-805e-8985dbeb0ad9'' could not be found."}}'
+ ''2fde8a98-6892-426a-83ba-050e640c0ce0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10680,7 +13855,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:28 GMT
+ - Fri, 06 Dec 2019 22:04:41 GMT
expires:
- '-1'
pragma:
@@ -10706,34 +13881,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
- Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
- list defined and the agent is not installed. The list of OS images will be
- updated over time as support is updated. Note: if your scale set upgradePolicy
- is set to Manual, you need to apply the extension to the all VMs in the set
- by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]
},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Web Application should
+ only be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
+ of HTTPS ensures server/service authentication and protects data in transit
+ from network layer eavesdropping attacks.","metadata":{"category":"Security
+ Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0","type":"Microsoft.Authorization/policyDefinitions","name":"2fde8a98-6892-426a-83ba-050e640c0ce0"}'
headers:
cache-control:
- no-cache
content-length:
- - '5386'
+ - '1247'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:29 GMT
+ - Fri, 06 Dec 2019 22:04:42 GMT
expires:
- '-1'
pragma:
@@ -10763,16 +13933,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3c1b3629-c8f8-4bf6-862c-037cb9094038'' could not be found."}}'
+ ''30040dab-4e75-4456-8273-14b8f75d91d9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10781,7 +13951,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:28 GMT
+ - Fri, 06 Dec 2019 22:04:43 GMT
expires:
- '-1'
pragma:
@@ -10807,40 +13977,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
- for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the
- list defined and the agent is not installed. The list of OS images will be
- updated over time as support is updated. Note: if your scale set upgradePolicy
- is set to Manual, you need to apply the extension to the all VMs in the set
- by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
- Analytics workspace","description":"Select Log Analytics workspace from dropdown
- list. If this workspace is outside of the scope of the assignment you must
- manually grant ''Log Analytics Contributor'' permissions (or similar) to the
- policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]
},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
- ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
- ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Network Access''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Network Access''. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9","type":"Micro
soft.Authorization/policyDefinitions","name":"30040dab-4e75-4456-8273-14b8f75d91d9"}'
headers:
cache-control:
- no-cache
content-length:
- - '6182'
+ - '2664'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:28 GMT
+ - Fri, 06 Dec 2019 22:04:44 GMT
expires:
- '-1'
pragma:
@@ -10870,16 +14031,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'' could not be found."}}'
+ ''315c850a-272d-4502-8935-b79010405970'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10888,7 +14049,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:29 GMT
+ - Fri, 06 Dec 2019 22:04:45 GMT
expires:
- '-1'
pragma:
@@ -10914,28 +14075,41 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerabilities in security configuration
- on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- the OS vulnerabilities on your virtual machine scale sets to protect them
- from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs that are not joined to the specified domain","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that are not joined to the specified domain. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DomainName":{"type":"String","metadata":{"displayName":"Domain
+ Name (FQDN)","description":"The fully qualified domain name (FQDN) that the
+ Windows VMs should be joined to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-
ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[DomainMembership]WindowsDomainMembership;DomainName'',
+ ''='', parameters(''DomainName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDomainMembership"},"DomainName":{"value":"[parameters(''DomainName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"DomainName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[DomainMembership]WindowsDomainMembership;DomainName","value":"[parameters(''DomainName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970","type":"Microsoft.Authorization/policyDefinitions","name":"315c850a-272d-4502-8935-b79010405970"}'
headers:
cache-control:
- no-cache
content-length:
- - '1072'
+ - '5979'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:29 GMT
+ - Fri, 06 Dec 2019 22:04:45 GMT
expires:
- '-1'
pragma:
@@ -10965,16 +14139,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3d7b154e-2700-4c8c-9e46-cb65ac1578c2'' could not be found."}}'
+ ''32133ab0-ee4b-4b44-98d6-042180979d50'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -10983,7 +14157,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:30 GMT
+ - Fri, 06 Dec 2019 22:04:46 GMT
expires:
- '-1'
pragma:
@@ -11009,31 +14183,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Devices''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Devices''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.A
uthorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"}'
+ string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent
+ Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
+ VMs as non-compliant if the VM Image (OS) is not in the list defined and the
+ agent is not installed. The list of OS images will be updated over time as
+ support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.
Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{
"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"}'
headers:
cache-control:
- no-cache
content-length:
- - '2644'
+ - '5925'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:30 GMT
+ - Fri, 06 Dec 2019 22:04:47 GMT
expires:
- '-1'
pragma:
@@ -11063,16 +14238,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3d8640fc-63f6-4734-8dcb-cfd3d8c78f38'' could not be found."}}'
+ ''32b1e4d4-6cd5-47b4-a935-169da8a5c262'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11081,7 +14256,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:30 GMT
+ - Fri, 06 Dec 2019 22:04:48 GMT
expires:
- '-1'
pragma:
@@ -11107,34 +14282,42 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy default Log Analytics Agent for
- Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected
- Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
- Analytics workspace","description":"Select Log Analytics workspace from dropdown
- list. If this workspace is outside of the scope of the assignment you must
- manually grant ''Log Analytics Contributor'' permissions (or similar) to the
- policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
- ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
- ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs on which the specified services are not installed and ''Running''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ on which the specified services are not installed and ''Running''. It also
+ creates a system-assigned managed identity and deploys the VM extension for
+ Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ServiceName":{"type":"String","metadata":{"displayName":"Service
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the services that should be installed and ''Running''. e.g. ''WinRm;Wi*''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsServiceStatus]WindowsServiceStatus1;ServiceName'',
+ ''='', parameters(''ServiceName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsServiceStatus"},"ServiceName":{"value":"[parameters(''ServiceName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ServiceName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName","value":"[parameters(''ServiceName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262","type":"Microsoft.Authorization/policyDefinitions","name":"32b1e4d4-6cd5-47b4-a935-169da8a5c262"}'
headers:
cache-control:
- no-cache
content-length:
- - '2759'
+ - '6078'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:30 GMT
+ - Fri, 06 Dec 2019 22:04:49 GMT
expires:
- '-1'
pragma:
@@ -11164,16 +14347,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3e596b57-105f-48a6-be97-03e9243bad6e'' could not be found."}}'
+ ''3470477a-b35a-49db-aca5-1073d04524fe'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11182,7 +14365,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:30 GMT
+ - Fri, 06 Dec 2019 22:04:50 GMT
expires:
- '-1'
pragma:
@@ -11208,27 +14391,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Azure Monitor solution ''Security and
- Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
- policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Linux VMs that have accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Linux virtual machines
+ that have accounts without passwords. It also creates a system-assigned managed
+ identity and deploys the VM extension for Guest Configuration. This policy
+ should only be used along with its corresponding audit policy in an initiative.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"}'
headers:
cache-control:
- no-cache
content-length:
- - '1005'
+ - '5660'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:30 GMT
+ - Fri, 06 Dec 2019 22:04:51 GMT
expires:
- '-1'
pragma:
@@ -11258,16 +14452,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''3fe37002-5d00-4b37-a301-da09e3a0ca66'' could not be found."}}'
+ ''34c877ad-507e-4c82-993e-3452a6e0ad3c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11276,7 +14470,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:31 GMT
+ - Fri, 06 Dec 2019 22:04:51 GMT
expires:
- '-1'
pragma:
@@ -11302,29 +14496,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
- that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported PHP version for the latest security classes. Using older
- classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"}'
+ string: '{"properties":{"displayName":"Audit unrestricted network access to
+ storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ unrestricted network access in your storage account firewall settings. Instead,
+ configure network rules so only applications from allowed networks can access
+ the storage account. To allow connections from specific internet or on-premise
+ clients, access can be granted to traffic from specific Azure virtual networks
+ or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1198'
+ - '1158'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:32 GMT
+ - Fri, 06 Dec 2019 22:04:52 GMT
expires:
- '-1'
pragma:
@@ -11354,16 +14550,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''404c3081-a854-4457-ae30-26a93ef643f9'' could not be found."}}'
+ ''34f95f76-5386-4de7-b824-0d8478470c9d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11372,7 +14568,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:32 GMT
+ - Fri, 06 Dec 2019 22:04:53 GMT
expires:
- '-1'
pragma:
@@ -11398,31 +14594,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Secure transfer to storage accounts should
- be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit requirment
- of Secure transfer in your storage account. Secure transfer is an option that
- forces your storage account to accept requests only from secure connections
- (HTTPS). Use of HTTPS ensures authentication between the server and the service
- and protects data in transit from network layer attacks such as man-in-the-middle,
- eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in Logic Apps should
+ be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1212'
+ - '1780'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:32 GMT
+ - Fri, 06 Dec 2019 22:04:54 GMT
expires:
- '-1'
pragma:
@@ -11452,16 +14648,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''40917425-69db-4018-8dae-2a0556cef899'' could not be found."}}'
+ ''356a906e-05e5-4625-8729-90771e0ee934'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11470,7 +14666,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:32 GMT
+ - Fri, 06 Dec 2019 22:04:55 GMT
expires:
- '-1'
pragma:
@@ -11496,53 +14692,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Administrative Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that do not have a maximum password age of 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Administrative Templates
- - System''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AlwaysUseClassicLogon":{"type":"String","metadata":{"displayName":"Always
- use classic logon","description":"Specifies whether to force the user to log
- on to the computer using the classic logon screen. This setting only works
- when the computer is not on a domain."},"defaultValue":"0"},"BootStartDriverInitializationPolicy":{"type":"String","metadata":{"displayName":"Boot-Start
- Driver Initialization Policy","description":"Specifies which boot-start drivers
- are initialized based on a classification determined by an Early Launch Antimalware
- boot-start driver."},"defaultValue":"3"},"EnableWindowsNTPClient":{"type":"String","metadata":{"displayName":"Enable
- Windows NTP Client","description":"Specifies whether the Windows NTP Client
- is enabled. Enabling the Windows NTP Client allows your computer to synchronize
- its computer clock with other NTP servers."},"defaultValue":"1"},"TurnOnConveniencePINSignin":{"type":"String","metadata":{"displayName":"Turn
- on convenience PIN sign-in","description":"Specifies whether a domain user
- can sign in using a convenience PIN."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignme
nts/parameterHash","equals":"[base64(concat(''Always
- use classic logon;ExpectedValue'', ''='', parameters(''AlwaysUseClassicLogon''),
- '','', ''Boot-Start Driver Initialization Policy;ExpectedValue'', ''='', parameters(''BootStartDriverInitializationPolicy''),
- '','', ''Enable Windows NTP Client;ExpectedValue'', ''='', parameters(''EnableWindowsNTPClient''),
- '','', ''Turn on convenience PIN sign-in;ExpectedValue'', ''='', parameters(''TurnOnConveniencePINSignin'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesSystem"},"AlwaysUseClassicLogon":{"value":"[parameters(''AlwaysUseClassicLogon'')]"},"BootStartDriverInitializationPolicy":{"value":"[parameters(''BootStartDriverInitializationPolicy'')]"},"EnableWindowsNTPClient":{"value":"[parameters(''EnableWindowsNTPClient'')]"},"TurnOnConveniencePINSignin":{"value":"[parameters(''TurnOnConveniencePINSignin'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AlwaysUseClassicLogon":{"type":"string"},"BootStartDriverInitializationPolicy":{"type":"string"},"EnableWindowsNTPClient":{"type":"string"},"TurnOnConveniencePINSignin":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Always
- use classic logon;ExpectedValue","value":"[parameters(''AlwaysUseClassicLogon'')]"},{"name":"Boot-Start
- Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
- Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
- on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"}'
+ that do not have a maximum password age of 70 days. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"}'
headers:
cache-control:
- no-cache
content-length:
- - '7005'
+ - '5244'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:32 GMT
+ - Fri, 06 Dec 2019 22:04:56 GMT
expires:
- '-1'
pragma:
@@ -11572,16 +14753,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''41388f1c-2db0-4c25-95b2-35d7f5ccbfa9'' could not be found."}}'
+ ''358c20a6-3f9e-4f0e-97ff-c6ce485e2aac'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11590,7 +14771,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:33 GMT
+ - Fri, 06 Dec 2019 22:04:56 GMT
expires:
- '-1'
pragma:
@@ -11616,28 +14797,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Azure Monitor should collect activity
- logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
- policy audits the Azure Monitor log profile which does not export activities
- from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"}'
+ string: '{"properties":{"displayName":"CORS should not allow every resource
+ to access your API App","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
+ Resource Sharing (CORS) should not allow all domains to access your API app.
+ Allow only required domains to interact with your API app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac","type":"Microsoft.Authorization/policyDefinitions","name":"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac"}'
headers:
cache-control:
- no-cache
content-length:
- - '4084'
+ - '1056'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:33 GMT
+ - Fri, 06 Dec 2019 22:04:57 GMT
expires:
- '-1'
pragma:
@@ -11667,16 +14849,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''428256e6-1fac-4f48-a757-df34c2b3336d'' could not be found."}}'
+ ''35f9c03a-cc27-418e-9c0c-539ff999d010'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11685,7 +14867,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:33 GMT
+ - Fri, 06 Dec 2019 22:04:58 GMT
expires:
- '-1'
pragma:
@@ -11711,31 +14893,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Batch accounts should
- be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","type":"Microsoft.Authorization/policyDefinitions","name":"428256e6-1fac-4f48-a757-df34c2b3336d"}'
+ string: '{"properties":{"displayName":"Gateway subnets should not be configured
+ with a network security group","policyType":"BuiltIn","mode":"All","description":"This
+ policy denies if a gateway subnet is configured with a network security group.
+ Assigning a network security group to a gateway subnet will cause the gateway
+ to stop functioning.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"field":"name","equals":"GatewaySubnet"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010","type":"Microsoft.Authorization/policyDefinitions","name":"35f9c03a-cc27-418e-9c0c-539ff999d010"}'
headers:
cache-control:
- no-cache
content-length:
- - '1783'
+ - '845'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:33 GMT
+ - Fri, 06 Dec 2019 22:04:59 GMT
expires:
- '-1'
pragma:
@@ -11765,16 +14944,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''42a07bbf-ffcf-459a-b4b1-30ecd118a505'' could not be found."}}'
+ ''361c2074-3595-4e5d-8cab-4f21dffc835c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11783,7 +14962,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:58 GMT
+ - Fri, 06 Dec 2019 22:05:00 GMT
expires:
- '-1'
pragma:
@@ -11809,40 +14988,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Detailed Tracking''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Detailed Tracking''. It also creates a system-assigned managed identity
- and deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
- Process Termination","description":"Specifies whether audit events are generated
- when a process has exited. Recommended for monitoring termination of critical
- processes."},"allowedValues":["No Auditing","Success","Failure","Success and
- Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesDetailedTracking","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameter
Hash","equals":"[base64(concat(''Audit
- Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
- Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"}'
+ string: '{"properties":{"displayName":"Deploy Advanced Threat Protection on
+ Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy enables Advanced Threat Protection on Storage Accounts.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"storageAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''storageAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"storageAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c","type":"Microsoft.Authorization/policyDefinitions","name":"361c2074-3595-4e5d-8cab-4f21dffc835c"}'
headers:
cache-control:
- no-cache
content-length:
- - '5248'
+ - '1643'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:47:58 GMT
+ - Fri, 06 Dec 2019 22:05:00 GMT
expires:
- '-1'
pragma:
@@ -11872,16 +15039,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''437a1f8f-8552-47a8-8b12-a2fee3269dd5'' could not be found."}}'
+ ''3657f5a0-770e-44a3-b44e-9431ba1e9735'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -11890,7 +15057,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:48:01 GMT
+ - Fri, 06 Dec 2019 22:05:01 GMT
expires:
- '-1'
pragma:
@@ -11916,45 +15083,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- System settings''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"String","metadata":{"displayName":"System
- settings: Use Certificate Rules on Windows Executables for Software Restriction
- Policies","description":"Specifies whether digital certificates are processed
- when software restriction policies are enabled and a user or process attempts
- to run software with an .exe file name extension. It enables or disables certificate
- rules (a type of software restriction policies rule). For certificate rules
- to take effect in software restriction policies, you must enable this policy
- setting."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemsettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":
"[base64(concat(''System
- settings: Use Certificate Rules on Windows Executables for Software Restriction
- Policies;ExpectedValue'', ''='', parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemsettings"},"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
- settings: Use Certificate Rules on Windows Executables for Software Restriction
- Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"}'
+ string: '{"properties":{"displayName":"Automation account variables should be
+ encrypted","policyType":"BuiltIn","mode":"All","description":"It is important
+ to enable encryption of Automation account variable assets when storing sensitive
+ data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"}'
headers:
cache-control:
- no-cache
content-length:
- - '5952'
+ - '913'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:48:03 GMT
+ - Fri, 06 Dec 2019 22:05:01 GMT
expires:
- '-1'
pragma:
@@ -11984,16 +15134,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''44452482-524f-4bf4-b852-0bff7cc4a3ed'' could not be found."}}'
+ ''36d49e87-48c4-4f2e-beed-ba4ed02b71f5'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12002,7 +15152,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:48:06 GMT
+ - Fri, 06 Dec 2019 22:05:03 GMT
expires:
- '-1'
pragma:
@@ -12028,28 +15178,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Monitor permissive network
- access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
- Security Groups with too permissive rules will be monitored by Azure Security
- Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"}'
+ string: '{"properties":{"displayName":"Deploy Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''),
+ ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"}'
headers:
cache-control:
- no-cache
content-length:
- - '1118'
+ - '1349'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:48:09 GMT
+ - Fri, 06 Dec 2019 22:05:03 GMT
expires:
- '-1'
pragma:
@@ -12079,16 +15227,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf'' could not be found."}}'
+ ''36e17963-7202-494a-80c3-f508211c826b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12097,7 +15245,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:48:17 GMT
+ - Fri, 06 Dec 2019 22:05:04 GMT
expires:
- '-1'
pragma:
@@ -12123,25 +15271,69 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Require SQL Server version 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Network Security''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Network Security''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"type":"String","metadata":{"displayName":"Network
+ Security: Configure encryption types allowed for Kerberos","description":"Specifies
+ the encryption types that Kerberos is allowed to use."},"defaultValue":"2147483644"},"NetworkSecurityLANManagerAuthenticationLevel":{"type":"String","metadata":{"displayName":"Network
+ security: LAN Manager authentication level","description":"Specify which challenge-response
+ authentication protocol is used for network logons. This choice affects the
+ level of authentication protocol used by clients, the level of session security
+ negotiated, and the level of authentication accepted by servers."},"defaultValue":"5"},"NetworkSecurityLDAPClientSigningRequirements":{"type":"String","metadata":{"displayName":"Network
+ security: LDAP client signing requirements","description":"Specify the level
+ of data signing that is requested on behalf of clients that issue LDAP BIND
+ requests."},"defaultValue":"1"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"type":"String","metadata":{"displayName":"Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ clients","description":"Specifies which behaviors are allowed by clients for
+ applications using the NTLM Security Support Provider (SSP). The SSP Interface
+ (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers
+ for more information."},"defaultValue":"537395200"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"type":"String","metadata":{"displayName":"Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ servers","description":"Specifies which behaviors are allowed by servers for
+ applications using the NTLM Security Support Provider (SSP). The SSP Interface
+ (SSPI) is used by applications that need authentication services."},"defaultValue":"537395200"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkSecurity","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestCo
nfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Network
+ Security: Configure encryption types allowed for Kerberos;ExpectedValue'',
+ ''='', parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos''),
+ '','', ''Network security: LAN Manager authentication level;ExpectedValue'',
+ ''='', parameters(''NetworkSecurityLANManagerAuthenticationLevel''), '','',
+ ''Network security: LDAP client signing requirements;ExpectedValue'', ''='',
+ parameters(''NetworkSecurityLDAPClientSigningRequirements''), '','', ''Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ clients;ExpectedValue'', ''='', parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients''),
+ '','', ''Network security: Minimum session security for NTLM SSP based (including
+ secure RPC) servers;ExpectedValue'', ''='', parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsNetworkSecurity"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'')]"},"NetworkSecurityLANManagerAuthenticationLevel":{"value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel'')]"},"NetworkSecurityLDAPClientSigningRequirements":{"value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos":{"type":"string"},"NetworkSecurityLANManagerAuthenticationLevel":{"type":"string"},"NetworkSecurityLDAPClientSigningRequirements":{"type":"string"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients":{"type":"string"},"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Network
+ Security: Configure encryption types allowed for Kerberos;ExpectedValue","value":"[parameters(''NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'')]"},{"name":"Network
+ security: LAN Manager authentication level;ExpectedValue","value":"[parameters(''NetworkSecurityLANManagerAuthenticationLevel'')]"},{"name":"Network
+ security: LDAP client signing requirements;ExpectedValue","value":"[parameters(''NetworkSecurityLDAPClientSigningRequirements'')]"},{"name":"Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ clients;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'')]"},{"name":"Network
+ security: Minimum session security for NTLM SSP based (including secure RPC)
+ servers;ExpectedValue","value":"[parameters(''NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b","type":"Microsoft.Authorization/policyDefinitions","name":"36e17963-7202-494a-80c3-f508211c826b"}'
headers:
cache-control:
- no-cache
content-length:
- - '586'
+ - '9632'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:48:21 GMT
+ - Fri, 06 Dec 2019 22:05:04 GMT
expires:
- '-1'
pragma:
@@ -12171,16 +15363,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''46544d7b-1f0d-46f5-81da-5c1351de1b06'' could not be found."}}'
+ ''3750712b-43d0-478e-9966-d2c26f6141b9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12189,7 +15381,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:49:16 GMT
+ - Fri, 06 Dec 2019 22:05:05 GMT
expires:
- '-1'
pragma:
@@ -12215,29 +15407,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
- that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported Python version for the latest security classes. Using
- older classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06","type":"Microsoft.Authorization/policyDefinitions","name":"46544d7b-1f0d-46f5-81da-5c1351de1b06"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Interactive Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Interactive Logon''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"v
alue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsInteractiveLogon"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9","type":"Microsoft.Authorization/policyDefinitions","name":"3750712b-43d0-478e-9966-d2c26f6141b9"}'
headers:
cache-control:
- no-cache
content-length:
- - '1207'
+ - '4392'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:49:17 GMT
+ - Fri, 06 Dec 2019 22:05:07 GMT
expires:
- '-1'
pragma:
@@ -12267,16 +15464,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''465f0161-0087-490a-9ad9-ad6217f4f43a'' could not be found."}}'
+ ''37e0d2fe-28a5-43d6-a273-67d37d1f5606'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12285,7 +15482,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:49:59 GMT
+ - Fri, 06 Dec 2019 22:05:08 GMT
expires:
- '-1'
pragma:
@@ -12311,28 +15508,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Require automatic OS image patching on
- Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
- policy enforces enabling automatic OS image patching on Virtual Machine Scale
- Sets to always keep Virtual Machines secure by safely applying latest security
- patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"}'
+ string: '{"properties":{"displayName":"Storage accounts should be migrated to
+ new Azure Resource Manager resources","policyType":"BuiltIn","mode":"All","description":"Use
+ new Azure Resource Manager for your storage accounts to provide security enhancements
+ such as: stronger access control (RBAC), better auditing, Azure Resource Manager
+ based deployment and governance, access to managed identities, access to key
+ vault for secrets, Azure AD-based authentication and support for tags and
+ resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.ClassicStorage/storageAccounts","Microsoft.Storage/StorageAccounts"]},{"value":"[field(''type'')]","equals":"Microsoft.ClassicStorage/storageAccounts"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"}'
headers:
cache-control:
- no-cache
content-length:
- - '947'
+ - '1254'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:00 GMT
+ - Fri, 06 Dec 2019 22:05:09 GMT
expires:
- '-1'
pragma:
@@ -12362,16 +15562,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''475aae12-b88a-4572-8b36-9b712b2b3a17'' could not be found."}}'
+ ''383856f8-de7f-44a2-81fc-e5135b5c2aa4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12380,7 +15580,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:03 GMT
+ - Fri, 06 Dec 2019 22:05:09 GMT
expires:
- '-1'
pragma:
@@ -12406,28 +15606,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Automatic provisioning of the Log Analytics
- monitoring agent should be enabled on your subscription","policyType":"BuiltIn","mode":"All","description":"Enable
- automatic provisioning of the Log Analytics monitoring agent in order to collect
- security data","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/autoProvisioningSettings","existenceCondition":{"field":"Microsoft.Security/autoProvisioningSettings/autoProvision","equals":"On"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","type":"Microsoft.Authorization/policyDefinitions","name":"475aae12-b88a-4572-8b36-9b712b2b3a17"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in IoT Hub should be
+ enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Internet of Things"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Devices/IotHubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4","type":"Microsoft.Authorization/policyDefinitions","name":"383856f8-de7f-44a2-81fc-e5135b5c2aa4"}'
headers:
cache-control:
- no-cache
content-length:
- - '1039'
+ - '1785'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:08 GMT
+ - Fri, 06 Dec 2019 22:05:10 GMT
expires:
- '-1'
pragma:
@@ -12457,16 +15660,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''47a6b606-51aa-4496-8bb7-64b11cf66adc'' could not be found."}}'
+ ''3965c43d-b5f4-482e-b74a-d89ee0e0b3a8'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12475,7 +15678,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:09 GMT
+ - Fri, 06 Dec 2019 22:05:12 GMT
expires:
- '-1'
pragma:
@@ -12501,28 +15704,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Adaptive Application Controls should
- be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
- Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"}'
+ string: '{"properties":{"displayName":"Advanced data security settings for SQL
+ managed instance should contain an email address to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send alerts to'' field in the
+ Advanced Data Security server settings. This email address receives alert
+ notifications when anomalous activities are detected on SQL managed instances.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","notEquals":""},{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8","type":"Microsoft.Authorization/policyDefinitions","name":"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"}'
headers:
cache-control:
- no-cache
content-length:
- - '1071'
+ - '1325'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:09 GMT
+ - Fri, 06 Dec 2019 22:05:12 GMT
expires:
- '-1'
pragma:
@@ -12552,16 +15756,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''48893b84-a2c8-4d9a-badf-835d5d1b7d53'' could not be found."}}'
+ ''399b2637-a50f-4f95-96f8-3a145476eb15'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12570,7 +15774,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:24 GMT
+ - Fri, 06 Dec 2019 22:05:13 GMT
expires:
- '-1'
pragma:
@@ -12596,29 +15800,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit IP restrictions configuration
- for an API App","policyType":"BuiltIn","mode":"All","description":"IP Restrictions
- allow you to define a list of IP addresses that are allowed to access your
- app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"}'
+ string: '{"properties":{"displayName":"FTPS only should be required in your
+ Function App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15","type":"Microsoft.Authorization/policyDefinitions","name":"399b2637-a50f-4f95-96f8-3a145476eb15"}'
headers:
cache-control:
- no-cache
content-length:
- - '1209'
+ - '951'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:50:25 GMT
+ - Fri, 06 Dec 2019 22:05:13 GMT
expires:
- '-1'
pragma:
@@ -12648,16 +15850,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''498b810c-59cd-4222-9338-352ba146ccf3'' could not be found."}}'
+ ''3abeb944-26af-43ee-b83d-32aaf060fb94'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12666,7 +15868,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:51:33 GMT
+ - Fri, 06 Dec 2019 22:05:14 GMT
expires:
- '-1'
pragma:
@@ -12692,39 +15894,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Audit''. It also creates a system-assigned managed identity and deploys the
- VM extension for Guest Configuration. This policy should only be used along
- with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
- Shut down system immediately if unable to log security audits","description":"Audits
- if the system will shut down when unable to log Security events."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestCo
nfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit:
- Shut down system immediately if unable to log security audits;ExpectedValue'',
- ''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
- Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"}'
+ string: '{"properties":{"displayName":"[Preview]: Pod Security Policies should
+ be defined on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"Define
+ Pod Security Policies to reduce the attack vector by removing unnecessary
+ application privileges. It is recommended to configure Pod Security Policies
+ to only allow pods to access the resources which they have permissions to
+ access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94","type":"Microsoft.Authorization/policyDefinitions","name":"3abeb944-26af-43ee-b83d-32aaf060fb94"}'
headers:
cache-control:
- no-cache
content-length:
- - '5371'
+ - '1199'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:51:33 GMT
+ - Fri, 06 Dec 2019 22:05:15 GMT
expires:
- '-1'
pragma:
@@ -12754,16 +15947,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''49c88fc8-6fd1-46fd-a676-f12d1d3a4c71'' could not be found."}}'
+ ''3be22e3b-d919-47aa-805e-8985dbeb0ad9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12772,7 +15965,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:51:50 GMT
+ - Fri, 06 Dec 2019 22:05:17 GMT
expires:
- '-1'
pragma:
@@ -12798,32 +15991,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Append tag and its default value to resource
- groups","policyType":"BuiltIn","mode":"All","description":"Appends the specified
- tag and value when any resource group which is missing this tag is created
- or updated. Does not modify the tags of resource groups created before this
- policy was applied until those resource groups are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
+ Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the
+ list defined and the agent is not installed. The list of OS images will be
+ updated over time as support is updated. Note: if your scale set upgradePolicy
+ is set to Manual, you need to apply the extension to the all VMs in the set
+ by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]
},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"}'
headers:
cache-control:
- no-cache
content-length:
- - '1172'
+ - '5386'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:51:53 GMT
+ - Fri, 06 Dec 2019 22:05:17 GMT
expires:
- '-1'
pragma:
@@ -12853,16 +16048,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''4d1c04de-2172-403f-901b-90608c35c721'' could not be found."}}'
+ ''3c1b3629-c8f8-4bf6-862c-037cb9094038'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12871,7 +16066,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:51:53 GMT
+ - Fri, 06 Dec 2019 22:05:18 GMT
expires:
- '-1'
pragma:
@@ -12897,44 +16092,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Linux VMs
- that do not have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Linux virtual machines
- that do not have the specified applications installed. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
- names","description":"A semicolon-separated list of the names of the applications
- that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","e
quals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
- ''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
+ for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the
+ list defined and the agent is not installed. The list of OS images will be
+ updated over time as support is updated. Note: if your scale set upgradePolicy
+ is set to Manual, you need to apply the extension to the all VMs in the set
+ by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]
},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
+ ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
+ ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"}'
headers:
cache-control:
- no-cache
content-length:
- - '6623'
+ - '6182'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:51:55 GMT
+ - Fri, 06 Dec 2019 22:05:19 GMT
expires:
- '-1'
pragma:
@@ -12964,16 +16155,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''4da21710-ce6f-4e06-8cdb-5cc4c93ffbee'' could not be found."}}'
+ ''3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -12982,7 +16173,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:52:40 GMT
+ - Fri, 06 Dec 2019 22:05:20 GMT
expires:
- '-1'
pragma:
@@ -13008,31 +16199,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
- Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency
- Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent
- is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition"
:{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"}'
+ string: '{"properties":{"displayName":"Vulnerabilities in security configuration
+ on your virtual machine scale sets should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ the OS vulnerabilities on your virtual machine scale sets to protect them
+ from attacks.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OsVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4","type":"Microsoft.Authorization/policyDefinitions","name":"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4"}'
headers:
cache-control:
- no-cache
content-length:
- - '4070'
+ - '1072'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:52:40 GMT
+ - Fri, 06 Dec 2019 22:05:21 GMT
expires:
- '-1'
pragma:
@@ -13062,16 +16250,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''4f11b553-d42e-4e3a-89be-32ca364cad4c'' could not be found."}}'
+ ''3d5da587-71bd-41f5-ac95-dd3330c2d58d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13080,7 +16268,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:52:41 GMT
+ - Fri, 06 Dec 2019 22:05:21 GMT
expires:
- '-1'
pragma:
@@ -13106,37 +16294,50 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"A maximum of 3 owners should be designated
- for your subscription","policyType":"BuiltIn","mode":"All","description":"It
- is recommended to designate up to 3 subscription owners in order to reduce
- the potential for breach by a compromised owner.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Search
+ Services to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Search Services to stream to a regional Event
+ Hub when any Search Services which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Search/searchServices/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d","type":"Microsoft.Authorization/policyDefinitions","name":"3d5da587-71bd-41f5-ac95-dd3330c2d58d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1067'
+ - '3746'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:52:41 GMT
+ - Fri, 06 Dec 2019 22:05:23 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -13156,16 +16357,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'' could not be found."}}'
+ ''3d7b154e-2700-4c8c-9e46-cb65ac1578c2'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13174,7 +16375,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:52:55 GMT
+ - Fri, 06 Dec 2019 22:05:23 GMT
expires:
- '-1'
pragma:
@@ -13200,28 +16401,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"A security contact email address should
- be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
- an email address to receive notifications when Azure Security Center detects
- compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Devices''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Devices''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2","type":"Microsoft.A
uthorization/policyDefinitions","name":"3d7b154e-2700-4c8c-9e46-cb65ac1578c2"}'
headers:
cache-control:
- no-cache
content-length:
- - '993'
+ - '2644'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:52:55 GMT
+ - Fri, 06 Dec 2019 22:05:24 GMT
expires:
- '-1'
pragma:
@@ -13251,16 +16455,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''501541f7-f7e7-4cd6-868c-4190fdad3ac9'' could not be found."}}'
+ ''3d8640fc-63f6-4734-8dcb-cfd3d8c78f38'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13269,7 +16473,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:53:02 GMT
+ - Fri, 06 Dec 2019 22:05:25 GMT
expires:
- '-1'
pragma:
@@ -13295,28 +16499,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview] Vulnerability Assessment should
- be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
- vulnerabilities detected by Azure Security Center Vulnerability Assessment
- on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Deploy default Log Analytics
+ Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the
+ selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
+ ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
+ ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"}'
headers:
cache-control:
- no-cache
content-length:
- - '1114'
+ - '2773'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:53:02 GMT
+ - Fri, 06 Dec 2019 22:05:26 GMT
expires:
- '-1'
pragma:
@@ -13346,16 +16556,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5345bb39-67dc-4960-a1bf-427e16b9a0bd'' could not be found."}}'
+ ''3e596b57-105f-48a6-be97-03e9243bad6e'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13364,7 +16574,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:53:29 GMT
+ - Fri, 06 Dec 2019 22:05:27 GMT
expires:
- '-1'
pragma:
@@ -13390,29 +16600,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Connection throttling should be enabled
- for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy helps audit any PostgreSQL databases in your environment without Connection
- throttling enabled. This setting enables temporary connection throttling per
- IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"}'
+ string: '{"properties":{"displayName":"Azure Monitor solution ''Security and
+ Audit'' must be deployed","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that Security and Audit is deployed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.OperationsManagement/solutions","existenceCondition":{"allOf":[{"field":"Microsoft.OperationsManagement/solutions/provisioningState","equals":"Succeeded"},{"field":"name","like":"Security(*)"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e","type":"Microsoft.Authorization/policyDefinitions","name":"3e596b57-105f-48a6-be97-03e9243bad6e"}'
headers:
cache-control:
- no-cache
content-length:
- - '1148'
+ - '1005'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:54:29 GMT
+ - Fri, 06 Dec 2019 22:05:28 GMT
expires:
- '-1'
pragma:
@@ -13442,16 +16650,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5744710e-cc2f-4ee8-8809-3b11e89f4bc9'' could not be found."}}'
+ ''3fe37002-5d00-4b37-a301-da09e3a0ca66'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13460,7 +16668,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:55:09 GMT
+ - Fri, 06 Dec 2019 22:05:30 GMT
expires:
- '-1'
pragma:
@@ -13486,29 +16694,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"CORS should not allow every resource
- to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
- Resource Sharing (CORS) should not allow all domains to access your web application.
- Allow only required domains to interact with your web app.","metadata":{"category":"App
- Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
+ that are not using latest supported PHP Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported PHP version for the latest security classes. Using older
+ classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPHP","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66","type":"Microsoft.Authorization/policyDefinitions","name":"3fe37002-5d00-4b37-a301-da09e3a0ca66"}'
headers:
cache-control:
- no-cache
content-length:
- - '1073'
+ - '1198'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:55:10 GMT
+ - Fri, 06 Dec 2019 22:05:31 GMT
expires:
- '-1'
pragma:
@@ -13538,16 +16746,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5aa11bbc-5c76-4302-80e5-aba46a4282e7'' could not be found."}}'
+ ''404c3081-a854-4457-ae30-26a93ef643f9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13556,7 +16764,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:55:25 GMT
+ - Fri, 06 Dec 2019 22:05:31 GMT
expires:
- '-1'
pragma:
@@ -13582,38 +16790,41 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that do not have a minimum password age of 1 day","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not have a minimum password age
- of 1 day. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestC
onfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"}'
+ string: '{"properties":{"displayName":"Secure transfer to storage accounts should
+ be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit requirment
+ of Secure transfer in your storage account. Secure transfer is an option that
+ forces your storage account to accept requests only from secure connections
+ (HTTPS). Use of HTTPS ensures authentication between the server and the service
+ and protects data in transit from network layer attacks such as man-in-the-middle,
+ eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"}'
headers:
cache-control:
- no-cache
content-length:
- - '2744'
+ - '1212'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:55:25 GMT
+ - Fri, 06 Dec 2019 22:05:32 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -13633,16 +16844,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5aebc8d1-020d-4037-89a0-02043a7524ec'' could not be found."}}'
+ ''40917425-69db-4018-8dae-2a0556cef899'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13651,7 +16862,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:55:43 GMT
+ - Fri, 06 Dec 2019 22:05:33 GMT
expires:
- '-1'
pragma:
@@ -13677,38 +16888,63 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that do not restrict the minimum password length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not restrict the minimum password
- length to 14 characters. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Administrative Templates - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Administrative Templates
+ - System''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AlwaysUseClassicLogon":{"type":"String","metadata":{"displayName":"Always
+ use classic logon","description":"Specifies whether to force the user to log
+ on to the computer using the classic logon screen. This setting only works
+ when the computer is not on a domain."},"defaultValue":"0"},"BootStartDriverInitializationPolicy":{"type":"String","metadata":{"displayName":"Boot-Start
+ Driver Initialization Policy","description":"Specifies which boot-start drivers
+ are initialized based on a classification determined by an Early Launch Antimalware
+ boot-start driver."},"defaultValue":"3"},"EnableWindowsNTPClient":{"type":"String","metadata":{"displayName":"Enable
+ Windows NTP Client","description":"Specifies whether the Windows NTP Client
+ is enabled. Enabling the Windows NTP Client allows your computer to synchronize
+ its computer clock with other NTP servers."},"defaultValue":"1"},"TurnOnConveniencePINSignin":{"type":"String","metadata":{"displayName":"Turn
+ on convenience PIN sign-in","description":"Specifies whether a domain user
+ can sign in using a convenience PIN."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignme
nts/parameterHash","equals":"[base64(concat(''Always
+ use classic logon;ExpectedValue'', ''='', parameters(''AlwaysUseClassicLogon''),
+ '','', ''Boot-Start Driver Initialization Policy;ExpectedValue'', ''='', parameters(''BootStartDriverInitializationPolicy''),
+ '','', ''Enable Windows NTP Client;ExpectedValue'', ''='', parameters(''EnableWindowsNTPClient''),
+ '','', ''Turn on convenience PIN sign-in;ExpectedValue'', ''='', parameters(''TurnOnConveniencePINSignin'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesSystem"},"AlwaysUseClassicLogon":{"value":"[parameters(''AlwaysUseClassicLogon'')]"},"BootStartDriverInitializationPolicy":{"value":"[parameters(''BootStartDriverInitializationPolicy'')]"},"EnableWindowsNTPClient":{"value":"[parameters(''EnableWindowsNTPClient'')]"},"TurnOnConveniencePINSignin":{"value":"[parameters(''TurnOnConveniencePINSignin'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AlwaysUseClassicLogon":{"type":"string"},"BootStartDriverInitializationPolicy":{"type":"string"},"EnableWindowsNTPClient":{"type":"string"},"TurnOnConveniencePINSignin":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Always
+ use classic logon;ExpectedValue","value":"[parameters(''AlwaysUseClassicLogon'')]"},{"name":"Boot-Start
+ Driver Initialization Policy;ExpectedValue","value":"[parameters(''BootStartDriverInitializationPolicy'')]"},{"name":"Enable
+ Windows NTP Client;ExpectedValue","value":"[parameters(''EnableWindowsNTPClient'')]"},{"name":"Turn
+ on convenience PIN sign-in;ExpectedValue","value":"[parameters(''TurnOnConveniencePINSignin'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899","type":"Microsoft.Authorization/policyDefinitions","name":"40917425-69db-4018-8dae-2a0556cef899"}'
headers:
cache-control:
- no-cache
content-length:
- - '2781'
+ - '7005'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:55:45 GMT
+ - Fri, 06 Dec 2019 22:05:34 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -13728,16 +16964,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5b842acb-0fe7-41b0-9f40-880ec4ad84d8'' could not be found."}}'
+ ''41388f1c-2db0-4c25-95b2-35d7f5ccbfa9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13746,7 +16982,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:56:03 GMT
+ - Fri, 06 Dec 2019 22:05:36 GMT
expires:
- '-1'
pragma:
@@ -13772,30 +17008,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Linux VMs that
- have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Linux virtual machines that have the specified applications installed.
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}'
+ string: '{"properties":{"displayName":"Azure Monitor should collect activity
+ logs from all regions","policyType":"BuiltIn","mode":"All","description":"This
+ policy audits the Azure Monitor log profile which does not export activities
+ from all Azure supported regions including global.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiacentral2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"australiasoutheast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"brazilsouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"canadaeast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"centralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"eastus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"francesouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japaneast"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"japanwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreacentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"koreasouth"}},{"not":{"field":"Microsoft.Insights/logP
rofiles/locations[*]","notEquals":"northcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"northeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricanorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southafricawest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"southeastasia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaecentral"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uaenorth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"uksouth"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"ukwest"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westcentralus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westeurope"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westindia"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"westus2"}},{"not":{"field":"Microsoft.Insights/logProfiles/locations[*]","notEquals":"global"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9","type":"Microsoft.Authorization/policyDefinitions","name":"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"}'
headers:
cache-control:
- no-cache
content-length:
- - '3182'
+ - '4084'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:56:03 GMT
+ - Fri, 06 Dec 2019 22:05:36 GMT
expires:
- '-1'
pragma:
@@ -13825,16 +17059,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5bb36dda-8a78-4df9-affd-4f05a8612a8a'' could not be found."}}'
+ ''428256e6-1fac-4f48-a757-df34c2b3336d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13843,7 +17077,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:56:26 GMT
+ - Fri, 06 Dec 2019 22:05:38 GMT
expires:
- '-1'
pragma:
@@ -13869,52 +17103,138 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs on which the remote host connection status does not match the
- specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
+ string: '{"properties":{"displayName":"Diagnostic logs in Batch accounts should
+ be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","type":"Microsoft.Authorization/policyDefinitions","name":"428256e6-1fac-4f48-a757-df34c2b3336d"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1783'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:38 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''42a07bbf-ffcf-459a-b4b1-30ecd118a505'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:05:40 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Detailed Tracking''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
- on which the remote host connection status does not match the specified one.
- It also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"host":{"type":"String","metadata":{"displayName":"Remote
- Host Name","description":"Specifies the Domain Name System (DNS) name or IP
- address of the remote host machine."}},"port":{"type":"String","metadata":{"displayName":"Port","description":"The
- TCP port number on the remote host name."}},"shouldConnect":{"type":"String","metadata":{"displayName":"Should
- connect to remote host","description":"Must be ''True'' or ''False''. ''True''
- indicates that the virtual machine should be able to establish a connection
- with the remote host specified, so the machine will be non-compliant if it
- cannot establish a connection. ''False'' indicates that the virtual machine
- should not be able to establish a connection with the remote host specified,
- so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnectio
n","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
- ''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
- ''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
- ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"}'
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Detailed Tracking''. It also creates a system-assigned managed identity
+ and deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditProcessTermination":{"type":"String","metadata":{"displayName":"Audit
+ Process Termination","description":"Specifies whether audit events are generated
+ when a process has exited. Recommended for monitoring termination of critical
+ processes."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesDetailedTracking","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameter
Hash","equals":"[base64(concat(''Audit
+ Process Termination;ExpectedValue'', ''='', parameters(''AuditProcessTermination'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesDetailedTracking"},"AuditProcessTermination":{"value":"[parameters(''AuditProcessTermination'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditProcessTermination":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
+ Process Termination;ExpectedValue","value":"[parameters(''AuditProcessTermination'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505","type":"Microsoft.Authorization/policyDefinitions","name":"42a07bbf-ffcf-459a-b4b1-30ecd118a505"}'
headers:
cache-control:
- no-cache
content-length:
- - '7417'
+ - '5248'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:56:30 GMT
+ - Fri, 06 Dec 2019 22:05:41 GMT
expires:
- '-1'
pragma:
@@ -13944,16 +17264,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5c028d2a-1889-45f6-b821-31f42711ced8'' could not be found."}}'
+ ''437a1f8f-8552-47a8-8b12-a2fee3269dd5'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -13962,7 +17282,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:56:52 GMT
+ - Fri, 06 Dec 2019 22:05:42 GMT
expires:
- '-1'
pragma:
@@ -13988,31 +17308,45 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Network Security''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Network Security''. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkSecurity","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8","type":"Mic
rosoft.Authorization/policyDefinitions","name":"5c028d2a-1889-45f6-b821-31f42711ced8"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - System settings''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ System settings''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"String","metadata":{"displayName":"System
+ settings: Use Certificate Rules on Windows Executables for Software Restriction
+ Policies","description":"Specifies whether digital certificates are processed
+ when software restriction policies are enabled and a user or process attempts
+ to run software with an .exe file name extension. It enables or disables certificate
+ rules (a type of software restriction policies rule). For certificate rules
+ to take effect in software restriction policies, you must enable this policy
+ setting."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemsettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":
"[base64(concat(''System
+ settings: Use Certificate Rules on Windows Executables for Software Restriction
+ Policies;ExpectedValue'', ''='', parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsSystemsettings"},"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"System
+ settings: Use Certificate Rules on Windows Executables for Software Restriction
+ Policies;ExpectedValue","value":"[parameters(''SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5","type":"Microsoft.Authorization/policyDefinitions","name":"437a1f8f-8552-47a8-8b12-a2fee3269dd5"}'
headers:
cache-control:
- no-cache
content-length:
- - '2670'
+ - '5952'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:56:53 GMT
+ - Fri, 06 Dec 2019 22:05:43 GMT
expires:
- '-1'
pragma:
@@ -14042,16 +17376,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'' could not be found."}}'
+ ''44452482-524f-4bf4-b852-0bff7cc4a3ed'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14060,7 +17394,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:57:12 GMT
+ - Fri, 06 Dec 2019 22:05:44 GMT
expires:
- '-1'
pragma:
@@ -14086,32 +17420,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent
- Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
- VMSS as non-compliant if the VM Image (OS) is not in the list defined and
- the agent is not installed. The list of OS images will be updated over time
- as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Monitor permissive network
+ access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network
+ Security Groups with too permissive rules will be monitored by Azure Security
+ Center as recommendations","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"}'
headers:
cache-control:
- no-cache
content-length:
- - '5958'
+ - '1118'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:57:15 GMT
+ - Fri, 06 Dec 2019 22:05:45 GMT
expires:
- '-1'
pragma:
@@ -14141,16 +17471,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5c607a2e-c700-4744-8254-d77e7c9eb5e4'' could not be found."}}'
+ ''464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14159,7 +17489,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:57:44 GMT
+ - Fri, 06 Dec 2019 22:05:46 GMT
expires:
- '-1'
pragma:
@@ -14185,36 +17515,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"External accounts with write permissions
- should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
- accounts with write privileges should be removed from your subscription in
- order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Require SQL Server version
+ 12.0","policyType":"BuiltIn","mode":"Indexed","description":"This policy ensures
+ all SQL servers use version 12.0. This policy is deprecated because it is
+ no longer possible to create an Azure SQL server with any version other than
+ 12.0.","metadata":{"category":"SQL","deprecated":"true"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"}'
headers:
cache-control:
- no-cache
content-length:
- - '1096'
+ - '744'
content-type:
- application/json; charset=utf-8
date:
- - Mon, 09 Sep 2019 23:59:24 GMT
+ - Fri, 06 Dec 2019 22:05:47 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -14234,16 +17566,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5df82f4f-773a-4a2d-97a2-422a806f1a55'' could not be found."}}'
+ ''46544d7b-1f0d-46f5-81da-5c1351de1b06'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14252,7 +17584,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:03:48 GMT
+ - Fri, 06 Dec 2019 22:05:48 GMT
expires:
- '-1'
pragma:
@@ -14278,37 +17610,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Function App should only
- be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
- of HTTPS ensures server/service authentication and protects data in transit
- from network layer eavesdropping attacks.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
+ that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported Python version for the latest security classes. Using
+ older classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06","type":"Microsoft.Authorization/policyDefinitions","name":"46544d7b-1f0d-46f5-81da-5c1351de1b06"}'
headers:
cache-control:
- no-cache
content-length:
- - '1230'
+ - '1207'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:05:22 GMT
+ - Fri, 06 Dec 2019 22:05:49 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -14328,16 +17662,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5e3315e0-a414-4efb-a4d2-c7bd2b0443d2'' could not be found."}}'
+ ''465f0161-0087-490a-9ad9-ad6217f4f43a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14346,7 +17680,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:06:02 GMT
+ - Fri, 06 Dec 2019 22:05:50 GMT
expires:
- '-1'
pragma:
@@ -14372,37 +17706,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
- that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported .NET Framework version for the latest security classes.
- Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2","type":"Microsoft.Authorization/policyDefinitions","name":"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2"}'
+ string: '{"properties":{"displayName":"Require automatic OS image patching on
+ Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"All","description":"This
+ policy enforces enabling automatic OS image patching on Virtual Machine Scale
+ Sets to always keep Virtual Machines secure by safely applying latest security
+ patches every month.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade","notEquals":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","notEquals":"True"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"}'
headers:
cache-control:
- no-cache
content-length:
- - '1299'
+ - '947'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:06:03 GMT
+ - Fri, 06 Dec 2019 22:05:51 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -14422,16 +17757,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5e393799-e3ca-4e43-a9a5-0ec4648a57d9'' could not be found."}}'
+ ''475aae12-b88a-4572-8b36-9b712b2b3a17'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14440,7 +17775,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:06:41 GMT
+ - Fri, 06 Dec 2019 22:05:53 GMT
expires:
- '-1'
pragma:
@@ -14466,38 +17801,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs that
- do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not have the specified applications
- installed. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/gu
estConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"}'
+ string: '{"properties":{"displayName":"Automatic provisioning of the Log Analytics
+ monitoring agent should be enabled on your subscription","policyType":"BuiltIn","mode":"All","description":"Enable
+ automatic provisioning of the Log Analytics monitoring agent in order to collect
+ security data","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/autoProvisioningSettings","existenceCondition":{"field":"Microsoft.Security/autoProvisioningSettings/autoProvision","equals":"On"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17","type":"Microsoft.Authorization/policyDefinitions","name":"475aae12-b88a-4572-8b36-9b712b2b3a17"}'
headers:
cache-control:
- no-cache
content-length:
- - '2747'
+ - '1039'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:06:49 GMT
+ - Fri, 06 Dec 2019 22:05:54 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -14517,16 +17852,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54'' could not be found."}}'
+ ''47a6b606-51aa-4496-8bb7-64b11cf66adc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14535,7 +17870,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:06:51 GMT
+ - Fri, 06 Dec 2019 22:05:55 GMT
expires:
- '-1'
pragma:
@@ -14561,27 +17896,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation only in India
- data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: West India, South India,
- Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"}'
+ string: '{"properties":{"displayName":"Adaptive Application Controls should
+ be enabled on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
+ Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"}'
headers:
cache-control:
- no-cache
content-length:
- - '619'
+ - '1071'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:06:52 GMT
+ - Fri, 06 Dec 2019 22:05:56 GMT
expires:
- '-1'
pragma:
@@ -14611,16 +17947,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069'' could not be found."}}'
+ ''48893b84-a2c8-4d9a-badf-835d5d1b7d53'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14629,7 +17965,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:07:06 GMT
+ - Fri, 06 Dec 2019 22:05:58 GMT
expires:
- '-1'
pragma:
@@ -14655,47 +17991,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
- for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the
- list defined and the agent is not installed. Note: if your scale set upgradePolicy
- is set to Manual, you need to apply the extension to the all VMs in the set
- by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
- Analytics workspace","description":"Select Log Analytics workspace from dropdown
- list. If this workspace is outside of the scope of the assignment you must
- manually grant ''Log Analytics Contributor'' permissions (or similar) to the
- policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists
","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
- ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
- ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit IP restrictions configuration
+ for an API App","policyType":"BuiltIn","mode":"All","description":"IP Restrictions
+ allow you to define a list of IP addresses that are allowed to access your
+ app. Use of IP Restrictions protects an API app from common attacks.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53","type":"Microsoft.Authorization/policyDefinitions","name":"48893b84-a2c8-4d9a-badf-835d5d1b7d53"}'
headers:
cache-control:
- no-cache
content-length:
- - '5198'
+ - '1209'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:07:12 GMT
+ - Fri, 06 Dec 2019 22:05:59 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -14715,16 +18043,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5f76cf89-fbf2-47fd-a3f4-b891fa780b60'' could not be found."}}'
+ ''48af4db5-9b8b-401c-8e74-076be876a430'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14733,7 +18061,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:07:13 GMT
+ - Fri, 06 Dec 2019 22:06:01 GMT
expires:
- '-1'
pragma:
@@ -14759,36 +18087,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"External accounts with read permissions
- should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
- accounts with read privileges should be removed from your subscription in
- order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"}'
+ string: '{"properties":{"displayName":"Geo-redundant backup should be enabled
+ for Azure Database for PostgreSQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for PostgreSQL with geo-redundant backup
+ not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430","type":"Microsoft.Authorization/policyDefinitions","name":"48af4db5-9b8b-401c-8e74-076be876a430"}'
headers:
cache-control:
- no-cache
content-length:
- - '1093'
+ - '916'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:07:13 GMT
+ - Fri, 06 Dec 2019 22:06:02 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- - Accept-Encoding
+ - Accept-Encoding,Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -14808,16 +18138,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''60aeaf73-a074-417a-905f-7ce9df0ff77b'' could not be found."}}'
+ ''496223c3-ad65-4ecd-878a-bae78737e9ed'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14826,7 +18156,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:07:17 GMT
+ - Fri, 06 Dec 2019 22:06:03 GMT
expires:
- '-1'
pragma:
@@ -14852,31 +18182,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Object Access''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Object Access''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"}'
+ string: '{"properties":{"displayName":"Ensure that ''Java version'' is the latest,
+ if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ web apps is recommended in order to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed","type":"Microsoft.Authorization/policyDefinitions","name":"496223c3-ad65-4ecd-878a-bae78737e9ed"}'
headers:
cache-control:
- no-cache
content-length:
- - '2675'
+ - '1870'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:07:18 GMT
+ - Fri, 06 Dec 2019 22:06:04 GMT
expires:
- '-1'
pragma:
@@ -14906,16 +18239,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''60ffe3e2-4604-4460-8f22-0f1da058266c'' could not be found."}}'
+ ''498b810c-59cd-4222-9338-352ba146ccf3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -14924,7 +18257,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:46 GMT
+ - Fri, 06 Dec 2019 22:06:06 GMT
expires:
- '-1'
pragma:
@@ -14950,30 +18283,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows web servers
- that are not using secure communication protocols","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows web servers that are not using secure communication protocols
- (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecureProtocol","existenceCondition":{"field":"Microsoft.GuestConfig
uration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","type":"Microsoft.Authorization/policyDefinitions","name":"60ffe3e2-4604-4460-8f22-0f1da058266c"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Audit''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Audit''. It also creates a system-assigned managed identity and deploys the
+ VM extension for Guest Configuration. This policy should only be used along
+ with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"String","metadata":{"displayName":"Audit:
+ Shut down system immediately if unable to log security audits","description":"Audits
+ if the system will shut down when unable to log Security events."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAudit","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestCo
nfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit:
+ Shut down system immediately if unable to log security audits;ExpectedValue'',
+ ''='', parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAudit"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit:
+ Shut down system immediately if unable to log security audits;ExpectedValue","value":"[parameters(''AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3","type":"Microsoft.Authorization/policyDefinitions","name":"498b810c-59cd-4222-9338-352ba146ccf3"}'
headers:
cache-control:
- no-cache
content-length:
- - '2760'
+ - '5371'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:48 GMT
+ - Fri, 06 Dec 2019 22:06:06 GMT
expires:
- '-1'
pragma:
@@ -15003,16 +18345,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6134c3db-786f-471e-87bc-8f479dc890f6'' could not be found."}}'
+ ''49c88fc8-6fd1-46fd-a676-f12d1d3a4c71'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15021,7 +18363,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:49 GMT
+ - Fri, 06 Dec 2019 22:06:08 GMT
expires:
- '-1'
pragma:
@@ -15047,37 +18389,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Advanced Data Security on SQL
- servers","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- enables Advanced Data Security on SQL Servers. This includes turning on Threat
- Detection and Vulnerability Assessment. It will automatically create a storage
- account in the same region and resource group as the SQL server to store scan
- results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
- variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
- variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2016-01-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"Storage","properties":{}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
- variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
- variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
- variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
- ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"}'
+ string: '{"properties":{"displayName":"Append tag and its default value to resource
+ groups","policyType":"BuiltIn","mode":"All","description":"Appends the specified
+ tag and value when any resource group which is missing this tag is created
+ or updated. Does not modify the tags of resource groups created before this
+ policy was applied until those resource groups are changed. New ''modify''
+ effect policies are available that support remediation of tags on existing
+ resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"}'
headers:
cache-control:
- no-cache
content-length:
- - '2972'
+ - '1299'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:49 GMT
+ - Fri, 06 Dec 2019 22:06:09 GMT
expires:
- '-1'
pragma:
@@ -15107,16 +18446,127 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''4d1c04de-2172-403f-901b-90608c35c721'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:10 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Linux VMs
+ that do not have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Linux virtual machines
+ that do not have the specified applications installed. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
+ names","description":"A semicolon-separated list of the names of the applications
+ that should be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","e
quals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent'',
+ ''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721","type":"Microsoft.Authorization/policyDefinitions","name":"4d1c04de-2172-403f-901b-90608c35c721"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6695'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:06:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''617c02be-7f02-4efd-8836-3180d47b6c68'' could not be found."}}'
+ ''4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15125,7 +18575,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:49 GMT
+ - Fri, 06 Dec 2019 22:06:16 GMT
expires:
- '-1'
pragma:
@@ -15151,30 +18601,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Service Fabric clusters should have the
- ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
- Fabric provides three levels of protection (None, Sign and EncryptAndSign)
- for node-to-node communication using a primary cluster certificate. Set the
- protection level to ensure that all node-to-node messages are encrypted and
- digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"}'
+ string: '{"properties":{"displayName":"FTPS should be required in your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Enable
+ FTPS enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b","type":"Microsoft.Authorization/policyDefinitions","name":"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b"}'
headers:
cache-control:
- no-cache
content-length:
- - '1339'
+ - '933'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:49 GMT
+ - Fri, 06 Dec 2019 22:06:17 GMT
expires:
- '-1'
pragma:
@@ -15184,7 +18630,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -15204,16 +18650,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''620e58b5-ac75-49b4-993f-a9d4f0459636'' could not be found."}}'
+ ''4da21710-ce6f-4e06-8cdb-5cc4c93ffbee'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15222,7 +18668,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:49 GMT
+ - Fri, 06 Dec 2019 22:06:18 GMT
expires:
- '-1'
pragma:
@@ -15248,31 +18694,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - System objects''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - System objects''. For more information on Guest
- Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
+ Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency
+ Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition"
:{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"}'
headers:
cache-control:
- no-cache
content-length:
- - '2664'
+ - '4070'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:08:50 GMT
+ - Fri, 06 Dec 2019 22:06:19 GMT
expires:
- '-1'
pragma:
@@ -15302,16 +18748,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6481cc21-ed6e-4480-99dd-ea7c5222e897'' could not be found."}}'
+ ''4daddf25-4823-43d4-88eb-2419eb6dcc08'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15320,7 +18766,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:04 GMT
+ - Fri, 06 Dec 2019 22:06:21 GMT
expires:
- '-1'
pragma:
@@ -15346,40 +18792,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Devices''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"String","metadata":{"displayName":"Devices:
- Allowed to format and eject removable media","description":"Specifies who
- is allowed to format and eject removable NTFS media. You can use this policy
- setting to prevent unauthorized users from removing data on one computer to
- access it on another computer on which they have local administrator privileges."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestCon
figuration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Devices:
- Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
- Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Data Lake
+ Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Event
+ Hub when any Data Lake Analytics which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08","type":"Microsoft.Authorization/policyDefinitions","name":"4daddf25-4823-43d4-88eb-2419eb6dcc08"}'
headers:
cache-control:
- no-cache
content-length:
- - '5429'
+ - '3824'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:05 GMT
+ - Fri, 06 Dec 2019 22:06:21 GMT
expires:
- '-1'
pragma:
@@ -15409,16 +18855,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''655cb504-bcee-4362-bd4c-402e6aa38759'' could not be found."}}'
+ ''4f11b553-d42e-4e3a-89be-32ca364cad4c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15427,7 +18873,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:43 GMT
+ - Fri, 06 Dec 2019 22:06:23 GMT
expires:
- '-1'
pragma:
@@ -15453,34 +18899,37 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit missing blob encryption
- for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
- policy is no longer necessary because storage blob encryption is enabled by
- default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"}'
+ string: '{"properties":{"displayName":"A maximum of 3 owners should be designated
+ for your subscription","policyType":"BuiltIn","mode":"All","description":"It
+ is recommended to designate up to 3 subscription owners in order to reduce
+ the potential for breach by a compromised owner.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"}'
headers:
cache-control:
- no-cache
content-length:
- - '946'
+ - '1067'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:43 GMT
+ - Fri, 06 Dec 2019 22:06:23 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- Accept-Encoding
x-content-type-options:
@@ -15502,16 +18951,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''664346d9-be92-43fb-a219-d595eeb76a90'' could not be found."}}'
+ ''4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15520,7 +18969,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:43 GMT
+ - Fri, 06 Dec 2019 22:06:24 GMT
expires:
- '-1'
pragma:
@@ -15546,29 +18995,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit IP restrictions configuration
- for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
- Restrictions allow you to define a list of IP addresses that are allowed to
- access your app. Use of IP Restrictions protects a Function app from common
- attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"}'
+ string: '{"properties":{"displayName":"A security contact email address should
+ be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
+ an email address to receive notifications when Azure Security Center detects
+ compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/email","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7","type":"Microsoft.Authorization/policyDefinitions","name":"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7"}'
headers:
cache-control:
- no-cache
content-length:
- - '1292'
+ - '993'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:43 GMT
+ - Fri, 06 Dec 2019 22:06:25 GMT
expires:
- '-1'
pragma:
@@ -15598,16 +19046,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''68511db2-bd02-41c4-ae6b-1900a012968a'' could not be found."}}'
+ ''4f9dc7db-30c1-420c-b61a-e1d640128d26'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15616,7 +19064,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:43 GMT
+ - Fri, 06 Dec 2019 22:06:27 GMT
expires:
- '-1'
pragma:
@@ -15642,42 +19090,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs on which the Log Analytics agent is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- on which the Log Analytics agent is not connected to the specified workspaces.
- It also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
- workspace IDs","description":"A semicolon-separated list of the workspace
- IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/
roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
- ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"}'
+ string: '{"properties":{"displayName":"Add a tag to resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ the specified tag and value when any resource missing this tag is created
+ or updated. Existing resources can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26","type":"Microsoft.Authorization/policyDefinitions","name":"4f9dc7db-30c1-420c-b61a-e1d640128d26"}'
headers:
cache-control:
- no-cache
content-length:
- - '6015'
+ - '1235'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:09:43 GMT
+ - Fri, 06 Dec 2019 22:06:28 GMT
expires:
- '-1'
pragma:
@@ -15707,126 +19145,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6a7a2bcf-f9be-4e35-9734-4f9657a70f1d'' could not be found."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '138'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:10:32 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- status:
- code: 404
- message: Not Found
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d?api-version=2019-06-01
- response:
- body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs on which Windows Defender Exploit Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- on which Windows Defender Exploit Guard is not enabled. It also creates a
- system-assigned managed identity and deploys the VM extension for Guest Configuration.
- This policy should only be used along with its corresponding audit policy
- in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NotAvailableMachineState":{"type":"String","metadata":{"displayName":"State
- in which to show VMs on which Windows Defender Exploit Guard is not available","description":"Windows
- Defender Exploit Guard is only available starting with Windows 10/Windows
- Server with update 1709. Setting this value to ''Non-Compliant'' will make
- machines with older versions on which Windows Defender Exploit Guard is not
- available (such as Windows Server 2012 R2) non-compliant. Setting this value
- to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExpl
oitGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
- ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '6557'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:10:32 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- vary:
- - Accept-Encoding
- x-content-type-options:
- - nosniff
- status:
- code: 200
- message: OK
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6a8450e2-6c61-43b4-be65-62e3a197bffe'' could not be found."}}'
+ ''501541f7-f7e7-4cd6-868c-4190fdad3ac9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15835,7 +19163,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:44 GMT
+ - Fri, 06 Dec 2019 22:06:30 GMT
expires:
- '-1'
pragma:
@@ -15861,29 +19189,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit IP restrictions configuration
- for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
- Restrictions allow you to define a list of IP addresses that are allowed to
- access your app. Use of IP Restrictions protects a web application from common
- attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"}'
+ string: '{"properties":{"displayName":"[Preview] Vulnerability Assessment should
+ be enabled on Virtual Machines","policyType":"BuiltIn","mode":"All","description":"Monitors
+ vulnerabilities detected by Azure Security Center Vulnerability Assessment
+ on Virtual Machines","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"serverVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["NotApplicable","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9","type":"Microsoft.Authorization/policyDefinitions","name":"501541f7-f7e7-4cd6-868c-4190fdad3ac9"}'
headers:
cache-control:
- no-cache
content-length:
- - '1309'
+ - '1114'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:44 GMT
+ - Fri, 06 Dec 2019 22:06:31 GMT
expires:
- '-1'
pragma:
@@ -15913,16 +19240,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6b1cbf55-e8b6-442f-ba4c-7246b6381474'' could not be found."}}'
+ ''50b83b09-03da-41c1-b656-c293c914862b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -15931,7 +19258,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:45 GMT
+ - Fri, 06 Dec 2019 22:06:31 GMT
expires:
- '-1'
pragma:
@@ -15957,29 +19284,35 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deprecated accounts should be removed
- from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
- accounts should be removed from your subscriptions. Deprecated accounts are
- accounts that have been blocked from signing in.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"}'
+ string: '{"properties":{"displayName":"A custom IPsec/IKE policy must be applied
+ to all Azure virtual network gateway connections","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures that all Azure virtual network gateway connections use a custom
+ Internet Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported
+ algorithms and key strengths - https://aka.ms/AA62kb0","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"IPsecEncryption":{"type":"Array","metadata":{"displayName":"IPsec
+ Encryption","description":"IPsec Encryption"}},"IPsecIntegrity":{"type":"Array","metadata":{"displayName":"IPsec
+ Integrity","description":"IPsec Integrity"}},"IKEEncryption":{"type":"Array","metadata":{"displayName":"IKE
+ Encryption","description":"IKE Encryption"}},"IKEIntegrity":{"type":"Array","metadata":{"displayName":"IKE
+ Integrity","description":"IKE Integrity"}},"DHGroup":{"type":"Array","metadata":{"displayName":"DH
+ Group","description":"DH Group"}},"PFSGroup":{"type":"Array","metadata":{"displayName":"PFS
+ Group","description":"PFS Group"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/connections"},{"anyOf":[{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption","notIn":"[parameters(''IPsecEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity","notIn":"[parameters(''IPsecIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption","notIn":"[parameters(''IKEEncryption'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity","notIn":"[parameters(''IKEIntegrity'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].dhGroup","notIn":"[parameters(''DHGroup'')]"},{"field":"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup","notIn":"[parameters(''PFSGroup'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b","type":"Microsoft.Authorization/policyDefinitions","name":"50b83b09-03da-41c1-b656-c293c914862b"}'
headers:
cache-control:
- no-cache
content-length:
- - '1073'
+ - '2246'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:45 GMT
+ - Fri, 06 Dec 2019 22:06:32 GMT
expires:
- '-1'
pragma:
@@ -15989,7 +19322,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -16009,16 +19342,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6c112d4e-5bc7-47ae-a041-ea2d9dccd749'' could not be found."}}'
+ ''5345bb39-67dc-4960-a1bf-427e16b9a0bd'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16027,7 +19360,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:49 GMT
+ - Fri, 06 Dec 2019 22:06:34 GMT
expires:
- '-1'
pragma:
@@ -16053,34 +19386,37 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Not allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
- policy enables you to specify the resource types that your organization cannot
- deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
- list of resource types that cannot be deployed.","displayName":"Not allowed
- resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"}'
+ string: '{"properties":{"displayName":"Connection throttling should be enabled
+ for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without Connection
+ throttling enabled. This setting enables temporary connection throttling per
+ IP for too many invalid password login failures.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"connection_throttling","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd","type":"Microsoft.Authorization/policyDefinitions","name":"5345bb39-67dc-4960-a1bf-427e16b9a0bd"}'
headers:
cache-control:
- no-cache
content-length:
- - '763'
+ - '1148'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:49 GMT
+ - Fri, 06 Dec 2019 22:06:36 GMT
expires:
- '-1'
pragma:
- no-cache
strict-transport-security:
- max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
vary:
- Accept-Encoding
x-content-type-options:
@@ -16102,16 +19438,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'' could not be found."}}'
+ ''5744710e-cc2f-4ee8-8809-3b11e89f4bc9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16120,7 +19456,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:50 GMT
+ - Fri, 06 Dec 2019 22:06:39 GMT
expires:
- '-1'
pragma:
@@ -16146,28 +19482,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Function App should only be accessible
- over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use of
- HTTPS ensures server/service authentication and protects data in transit from
- network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"}'
+ string: '{"properties":{"displayName":"CORS should not allow every resource
+ to access your Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Cross-Origin
+ Resource Sharing (CORS) should not allow all domains to access your web application.
+ Allow only required domains to interact with your web app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]","notEquals":"*"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9","type":"Microsoft.Authorization/policyDefinitions","name":"5744710e-cc2f-4ee8-8809-3b11e89f4bc9"}'
headers:
cache-control:
- no-cache
content-length:
- - '913'
+ - '1073'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:50 GMT
+ - Fri, 06 Dec 2019 22:06:40 GMT
expires:
- '-1'
pragma:
@@ -16197,16 +19534,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6e2593d9-add6-4083-9c9b-4b7d2188c899'' could not be found."}}'
+ ''58d94fc1-a072-47c2-bd37-9cdb38e77453'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16215,7 +19552,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:50 GMT
+ - Fri, 06 Dec 2019 22:06:41 GMT
expires:
- '-1'
pragma:
@@ -16241,30 +19578,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Email notification for high severity
- alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
- emailing security alerts to the security contact, in order to have them receive
- security alert emails from Microsoft. This ensures that the right people are
- aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Ensure Function app is
+ using the latest version of TLS encryption","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453","type":"Microsoft.Authorization/policyDefinitions","name":"58d94fc1-a072-47c2-bd37-9cdb38e77453"}'
headers:
cache-control:
- no-cache
content-length:
- - '1130'
+ - '1364'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:10:50 GMT
+ - Fri, 06 Dec 2019 22:06:42 GMT
expires:
- '-1'
pragma:
@@ -16294,16 +19633,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6fdb9205-3462-4cfc-87d8-16c7860b53f4'' could not be found."}}'
+ ''5aa11bbc-5c76-4302-80e5-aba46a4282e7'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16312,7 +19651,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:12:12 GMT
+ - Fri, 06 Dec 2019 22:06:44 GMT
expires:
- '-1'
pragma:
@@ -16338,26 +19677,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation only in Japan
- data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that do not have a minimum password age of 1 day","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that do not have a minimum password age
+ of 1 day. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestC
onfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"}'
headers:
cache-control:
- no-cache
content-length:
- - '587'
+ - '2744'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:12:12 GMT
+ - Fri, 06 Dec 2019 22:06:44 GMT
expires:
- '-1'
pragma:
@@ -16387,66 +19730,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"ServerTimeout","message":"The request timed out.
- Diagnostic information: timestamp ''20190910T001313Z'', subscription id ''6e96e86b-389d-47df-926f-699d040c58f7'',
- tracking id ''507a5083-5aa1-46c4-966e-c83a8e49b434'', request correlation
- id ''507a5083-5aa1-46c4-966e-c83a8e49b434''."}}'
- headers:
- cache-control:
- - no-cache
- connection:
- - close
- content-length:
- - '294'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:13:29 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- x-ms-failure-cause:
- - gateway
- status:
- code: 503
- message: Service Unavailable
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''6fe4ef56-7576-4dc4-8e9c-26bad4b087ce'' could not be found."}}'
+ ''5aebc8d1-020d-4037-89a0-02043a7524ec'' could not be found."}}'
headers:
cache-control:
- no-cache
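Review bot: The 503 ServerTimeout interaction removed by this hunk carried a concrete subscription id and tracking ids inside its error message, while the request URIs in the same cassette use the all-zero placeholder, so record-time scrubbing apparently covers URIs but not free-text error bodies. The re-recorded side is clean, but the same gateway-timeout response can reappear on any future re-record. Consider extending the recording sanitizer to replace subscription ids inside response body strings as well, and checking each regenerated cassette for a GUID following `subscription id` before committing. The removed value remains in repository history either way, so treat that identifier as disclosed.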
@@ -16455,7 +19748,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:52 GMT
+ - Fri, 06 Dec 2019 22:06:45 GMT
expires:
- '-1'
pragma:
@@ -16481,31 +19774,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
+ VMs that do not restrict the minimum password length to 14 characters","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Microsoft Network Server''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"}'
+ auditing Windows virtual machines that do not restrict the minimum password
+ length to 14 characters. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConf
iguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"}'
headers:
cache-control:
- no-cache
content-length:
- - '2693'
+ - '2781'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:56 GMT
+ - Fri, 06 Dec 2019 22:06:46 GMT
expires:
- '-1'
pragma:
@@ -16535,16 +19827,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7040a231-fb65-4412-8c0a-b365f4866c24'' could not be found."}}'
+ ''5b842acb-0fe7-41b0-9f40-880ec4ad84d8'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16553,7 +19845,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:56 GMT
+ - Fri, 06 Dec 2019 22:06:49 GMT
expires:
- '-1'
pragma:
@@ -16579,136 +19871,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Windows Components''.
- It also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"SendFileSamplesWhenFurtherAnalysisIsRequired":{"type":"String","metadata":{"displayName":"Send
- file samples when further analysis is required","description":"Specifies whether
- and how Windows Defender will submit samples of suspected malware to Microsoft
- for further analysis when opt-in for MAPS telemetry is set."},"defaultValue":"1"},"AllowIndexingOfEncryptedFiles":{"type":"String","metadata":{"displayName":"Allow
- indexing of encrypted files","description":"Specifies whether encrypted items
- are allowed to be indexed."},"defaultValue":"0"},"AllowTelemetry":{"type":"String","metadata":{"displayName":"Allow
- Telemetry","description":"Specifies configuration of the amount of diagnostic
- and usage data reported to Microsoft. The data is transmitted securely and
- sensitive data is not sent."},"defaultValue":"2"},"AllowUnencryptedTraffic":{"type":"String","metadata":{"displayName":"Allow
- unencrypted traffic","description":"Specifies whether the Windows Remote Management
- (WinRM) service sends and receives unencrypted messages over the network."},"defaultValue":"0"},"AlwaysInstallWithElevatedPrivileges":{"type":"String","metadata":{"displayName":"Always
- install with elevated privileges","description":"Specifies whether Windows
- Installer should use system permissions when it installs any program on the
- system."},"defaultValue":"0"},"AlwaysPromptForPasswordUponConnection":{"type":"String","metadata":{"displayName":"Always
- prompt for password upon connection","description":"Specifies whether Terminal
- Services/Remote Desktop Connection always prompts the client computer for
- a password upon connection."},"defaultValue":"1"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Application:
- Specify the maximum log file size (KB)","description":"Specifies the maximum
- size for the Application event log in kilobytes."},"defaultValue":"32768"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"type":"String","metadata":{"displayName":"Automatically
- send memory dumps for OS-generated error reports","description":"Specifies
- if memory dumps in support of OS-generated error reports can be sent to Microsoft
- automatically."},"defaultValue":"1"},"ConfigureDefaultConsent":{"type":"String","metadata":{"displayName":"Configure
- Default consent","description":"Specifies setting of the default consent handling
- for error reports sent to Microsoft."},"defaultValue":"4"},"ConfigureWindowsSmartScreen":{"type":"String","metadata":{"displayName":"Configure
- Windows SmartScreen","description":"Specifies how to manage the behavior of
- Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users
- before running unrecognized programs downloaded from the Internet. Some information
- is sent to Microsoft about files and programs run on PCs with this feature
- enabled."},"defaultValue":"1"},"DisallowDigestAuthentication":{"type":"String","metadata":{"displayName":"Disallow
- Digest authentication","description":"Specifies whether the Windows Remote
- Management (WinRM) client will not use Digest authentication."},"defaultValue":"0"},"DisallowWinRMFromStoringRunAsCredentials":{"type":"String","metadata":{"displayName":"Disallow
- WinRM from storing RunAs credentials","description":"Specifies whether the
- Windows Remote Management (WinRM) service will not allow RunAs credentials
- to be stored for any plug-ins."},"defaultValue":"1"},"DoNotAllowPasswordsToBeSaved":{"type":"String","metadata":{"displayName":"Do
- not allow passwords to be saved","description":"Specifies whether to prevent
- Remote Desktop Services - Terminal Services clients from saving passwords
- on a computer."},"defaultValue":"1"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Security:
- Specify the maximum log file size (KB)","description":"Specifies the maximum
- size for the Security event log in kilobytes."},"defaultValue":"196608"},"SetClientConnectionEncryptionLevel":{"type":"String","metadata":{"displayName":"Set
- client connection encryption level","description":"Specifies whether to require
- the use of a specific encryption level to secure communications between client
- computers and RD Session Host servers during Remote Desktop Protocol (RDP)
- connections. This policy only applies when you are using native RDP encryption."},"defaultValue":"3"},"SetTheDefaultBehaviorForAutoRun":{"type":"String","metadata":{"displayName":"Set
- the default behavior for AutoRun","description":"Specifies the default behavior
- for Autorun commands. Autorun commands are generally stored in autorun.inf
- files. They often launch the installation program or other routines."},"defaultValue":"1"},"SetupSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Setup:
- Specify the maximum log file size (KB)","description":"Specifies the maximum
- size for the Setup event log in kilobytes."},"defaultValue":"32768"},"SystemSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"System:
- Specify the maximum log file size (KB)","description":"Specifies the maximum
- size for the System event log in kilobytes."},"defaultValue":"32768"},"TurnOffDataExecutionPreventionForExplorer":{"type":"String","metadata":{"displayName":"Turn
- off Data Execution Prevention for Explorer","description":"Specifies whether
- to turn off Data Execution Prevention for Windows File Explorer. Disabling
- data execution prevention can allow certain legacy plug-in applications to
- function without terminating Explorer."},"defaultValue":"0"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"type":"String","metadata":{"displayName":"Specify
- the interval to check for definition updates","description":"Specifies an
- interval at which to check for Windows Defender definition updates. The time
- value is represented as the number of hours between update checks."},"defaultValue":"8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestCon
figurationAssignments/parameterHash","equals":"[base64(concat(''Send
- file samples when further analysis is required;ExpectedValue'', ''='', parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired''),
- '','', ''Allow indexing of encrypted files;ExpectedValue'', ''='', parameters(''AllowIndexingOfEncryptedFiles''),
- '','', ''Allow Telemetry;ExpectedValue'', ''='', parameters(''AllowTelemetry''),
- '','', ''Allow unencrypted traffic;ExpectedValue'', ''='', parameters(''AllowUnencryptedTraffic''),
- '','', ''Always install with elevated privileges;ExpectedValue'', ''='', parameters(''AlwaysInstallWithElevatedPrivileges''),
- '','', ''Always prompt for password upon connection;ExpectedValue'', ''='',
- parameters(''AlwaysPromptForPasswordUponConnection''), '','', ''Application:
- Specify the maximum log file size (KB);ExpectedValue'', ''='', parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB''),
- '','', ''Automatically send memory dumps for OS-generated error reports;ExpectedValue'',
- ''='', parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports''),
- '','', ''Configure Default consent;ExpectedValue'', ''='', parameters(''ConfigureDefaultConsent''),
- '','', ''Configure Windows SmartScreen;ExpectedValue'', ''='', parameters(''ConfigureWindowsSmartScreen''),
- '','', ''Disallow Digest authentication;ExpectedValue'', ''='', parameters(''DisallowDigestAuthentication''),
- '','', ''Disallow WinRM from storing RunAs credentials;ExpectedValue'', ''='',
- parameters(''DisallowWinRMFromStoringRunAsCredentials''), '','', ''Do not
- allow passwords to be saved;ExpectedValue'', ''='', parameters(''DoNotAllowPasswordsToBeSaved''),
- '','', ''Security: Specify the maximum log file size (KB);ExpectedValue'',
- ''='', parameters(''SecuritySpecifyTheMaximumLogFileSizeKB''), '','', ''Set
- client connection encryption level;ExpectedValue'', ''='', parameters(''SetClientConnectionEncryptionLevel''),
- '','', ''Set the default behavior for AutoRun;ExpectedValue'', ''='', parameters(''SetTheDefaultBehaviorForAutoRun''),
- '','', ''Setup: Specify the maximum log file size (KB);ExpectedValue'', ''='',
- parameters(''SetupSpecifyTheMaximumLogFileSizeKB''), '','', ''System: Specify
- the maximum log file size (KB);ExpectedValue'', ''='', parameters(''SystemSpecifyTheMaximumLogFileSizeKB''),
- '','', ''Turn off Data Execution Prevention for Explorer;ExpectedValue'',
- ''='', parameters(''TurnOffDataExecutionPreventionForExplorer''), '','', ''Specify
- the interval to check for definition updates;ExpectedValue'', ''='', parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_WindowsComponents"},"SendFileSamplesWhenFurtherAnalysisIsRequired":{"value":"[parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired'')]"},"AllowIndexingOfEncryptedFiles":{"value":"[parameters(''AllowIndexingOfEncryptedFiles'')]"},"AllowTelemetry":{"value":"[parameters(''AllowTelemetry'')]"},"AllowUnencryptedTraffic":{"value":"[parameters(''AllowUnencryptedTraffic'')]"},"AlwaysInstallWithElevatedPrivileges":{"value":"[parameters(''AlwaysInstallWithElevatedPrivileges'')]"},"AlwaysPromptForPasswordUponConnection":{"value":"[parameters(''AlwaysPromptForPasswordUponConnection'')]"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB'')]"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"value":"[parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'')]"},"ConfigureDefaultConsent":{"value":"[parameters(''ConfigureDefaultConsent'')]"},"ConfigureWindowsSmartScreen":{"value":"[parameters(''ConfigureWindowsSmartScreen'')]"},"DisallowDigestAuthentication":{"value":"[parameters(''DisallowDigestAuthentication'')]"},"DisallowWinRMFromStoringRunAsCredentials":{"value":"[parameters(''DisallowWinRMFromStoringRunAsCredentials'')]"},"DoNotAllowPasswordsToBeSaved":{"value":"[parameters(''DoNotAllowPasswordsToBeSaved'')]"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SecuritySpecifyTheMaximumLogFileSizeKB'')]"},"SetClientConnectionEncryptionLevel":{"value":"[parameters(''SetClientConnectionEncryptionLevel'')]"},"SetTheDefaultBehaviorForAutoRun":{"value":"[parameters(''SetTheDefaultBehaviorForAutoRun'')]"},"SetupSpecifyTheMaximumLogFileSizeKB":{"value":"[parame
ters(''SetupSpecifyTheMaximumLogFileSizeKB'')]"},"SystemSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},"TurnOffDataExecutionPreventionForExplorer":{"value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"SendFileSamplesWhenFurtherAnalysisIsRequired":{"type":"string"},"AllowIndexingOfEncryptedFiles":{"type":"string"},"AllowTelemetry":{"type":"string"},"AllowUnencryptedTraffic":{"type":"string"},"AlwaysInstallWithElevatedPrivileges":{"type":"string"},"AlwaysPromptForPasswordUponConnection":{"type":"string"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"type":"string"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"type":"string"},"ConfigureDefaultConsent":{"type":"string"},"ConfigureWindowsSmartScreen":{"type":"string"},"DisallowDigestAuthentication":{"type":"string"},"DisallowWinRMFromStoringRunAsCredentials":{"type":"string"},"DoNotAllowPasswordsToBeSaved":{"type":"string"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"type":"string"},"SetClientConnectionEncryptionLevel":{"type":"string"},"SetTheDefaultBehaviorForAutoRun":{"type":"string"},"SetupSpecifyTheMaximumLogFileSizeKB":{"type":"string"},"SystemSpecifyTheMaximumLogFileSizeKB":{"type":"string"},"TurnOffDataExecutionPreventionForExplorer":{"type":"string"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Send
- file samples when further analysis is required;ExpectedValue","value":"[parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired'')]"},{"name":"Allow
- indexing of encrypted files;ExpectedValue","value":"[parameters(''AllowIndexingOfEncryptedFiles'')]"},{"name":"Allow
- Telemetry;ExpectedValue","value":"[parameters(''AllowTelemetry'')]"},{"name":"Allow
- unencrypted traffic;ExpectedValue","value":"[parameters(''AllowUnencryptedTraffic'')]"},{"name":"Always
- install with elevated privileges;ExpectedValue","value":"[parameters(''AlwaysInstallWithElevatedPrivileges'')]"},{"name":"Always
- prompt for password upon connection;ExpectedValue","value":"[parameters(''AlwaysPromptForPasswordUponConnection'')]"},{"name":"Application:
- Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Automatically
- send memory dumps for OS-generated error reports;ExpectedValue","value":"[parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'')]"},{"name":"Configure
- Default consent;ExpectedValue","value":"[parameters(''ConfigureDefaultConsent'')]"},{"name":"Configure
- Windows SmartScreen;ExpectedValue","value":"[parameters(''ConfigureWindowsSmartScreen'')]"},{"name":"Disallow
- Digest authentication;ExpectedValue","value":"[parameters(''DisallowDigestAuthentication'')]"},{"name":"Disallow
- WinRM from storing RunAs credentials;ExpectedValue","value":"[parameters(''DisallowWinRMFromStoringRunAsCredentials'')]"},{"name":"Do
- not allow passwords to be saved;ExpectedValue","value":"[parameters(''DoNotAllowPasswordsToBeSaved'')]"},{"name":"Security:
- Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SecuritySpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Set
- client connection encryption level;ExpectedValue","value":"[parameters(''SetClientConnectionEncryptionLevel'')]"},{"name":"Set
- the default behavior for AutoRun;ExpectedValue","value":"[parameters(''SetTheDefaultBehaviorForAutoRun'')]"},{"name":"Setup:
- Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SetupSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"System:
- Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
- off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
- the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"}'
+ string: '{"properties":{"displayName":"Show audit results from Linux VMs that
+ have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Linux virtual machines that have the specified applications installed.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8","type":"Microsoft.Authorization/policyDefinitions","name":"5b842acb-0fe7-41b0-9f40-880ec4ad84d8"}'
headers:
cache-control:
- no-cache
content-length:
- - '18346'
+ - '3182'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:56 GMT
+ - Fri, 06 Dec 2019 22:06:50 GMT
expires:
- '-1'
pragma:
@@ -16718,7 +19904,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -16738,16 +19924,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7066131b-61a6-4917-a7e4-72e8983f0aa6'' could not be found."}}'
+ ''5bb220d9-2698-4ee4-8404-b9c30c9df609'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16756,7 +19942,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:57 GMT
+ - Fri, 06 Dec 2019 22:06:52 GMT
expires:
- '-1'
pragma:
@@ -16782,31 +19968,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - System''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - System''. For more information on Guest
- Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsof
t.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"}'
+ string: '{"properties":{"displayName":"Ensure WEB app has ''Client Certificates
+ (Incoming client certificates)'' set to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client
+ certificates allow for the app to request a certificate for incoming requests.
+ Only clients that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609","type":"Microsoft.Authorization/policyDefinitions","name":"5bb220d9-2698-4ee4-8404-b9c30c9df609"}'
headers:
cache-control:
- no-cache
content-length:
- - '2655'
+ - '985'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:57 GMT
+ - Fri, 06 Dec 2019 22:06:53 GMT
expires:
- '-1'
pragma:
@@ -16836,16 +20020,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7227ebe5-9ff7-47ab-b823-171cd02fb90f'' could not be found."}}'
+ ''5bb36dda-8a78-4df9-affd-4f05a8612a8a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16854,7 +20038,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:57 GMT
+ - Fri, 06 Dec 2019 22:06:55 GMT
expires:
- '-1'
pragma:
@@ -16880,31 +20064,52 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs on which the DSC configuration is not compliant","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows VMs on which the Desired State Configuration (DSC) configuration
- is not compliant. This policy is only applicable to machines with WMF 4 and
- above. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","existenceCondition":{"field":"Microsoft.GuestConfiguration/g
uestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f","type":"Microsoft.Authorization/policyDefinitions","name":"7227ebe5-9ff7-47ab-b823-171cd02fb90f"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs on which the remote host connection status does not match the
+ specified one","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ on which the remote host connection status does not match the specified one.
+ It also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"host":{"type":"String","metadata":{"displayName":"Remote
+ Host Name","description":"Specifies the Domain Name System (DNS) name or IP
+ address of the remote host machine."}},"port":{"type":"String","metadata":{"displayName":"Port","description":"The
+ TCP port number on the remote host name."}},"shouldConnect":{"type":"String","metadata":{"displayName":"Should
+ connect to remote host","description":"Must be ''True'' or ''False''. ''True''
+ indicates that the virtual machine should be able to establish a connection
+ with the remote host specified, so the machine will be non-compliant if it
+ cannot establish a connection. ''False'' indicates that the virtual machine
+ should not be able to establish a connection with the remote host specified,
+ so the machine will be non-compliant if it can establish a connection."},"allowedValues":["True","False"],"defaultValue":"False"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsRemoteConnectio
n","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsRemoteConnection]WindowsRemoteConnection1;host'',
+ ''='', parameters(''host''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;port'',
+ ''='', parameters(''port''), '','', ''[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect'',
+ ''='', parameters(''shouldConnect'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsRemoteConnection"},"host":{"value":"[parameters(''host'')]"},"port":{"value":"[parameters(''port'')]"},"shouldConnect":{"value":"[parameters(''shouldConnect'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"shouldConnect":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;host","value":"[parameters(''host'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;port","value":"[parameters(''port'')]"},{"name":"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect","value":"[parameters(''shouldConnect'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a","type":"Microsoft.Authorization/policyDefinitions","name":"5bb36dda-8a78-4df9-affd-4f05a8612a8a"}'
headers:
cache-control:
- no-cache
content-length:
- - '2829'
+ - '7489'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:57 GMT
+ - Fri, 06 Dec 2019 22:06:56 GMT
expires:
- '-1'
pragma:
@@ -16934,16 +20139,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7229bd6a-693d-478a-87f0-1dc1af06f3b8'' could not be found."}}'
+ ''5c028d2a-1889-45f6-b821-31f42711ced8'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -16952,7 +20157,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:58 GMT
+ - Fri, 06 Dec 2019 22:06:56 GMT
expires:
- '-1'
pragma:
@@ -16978,31 +20183,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Administrative Templates - Network''","policyType":"BuiltIn","mode":"All","description":"This
+ VMs configurations in ''Security Options - Network Security''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Administrative Templates - Network''. For more information on
+ category: ''Security Options - Network Security''. For more information on
Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Mic
rosoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"}'
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkSecurity","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8","type":"Mic
rosoft.Authorization/policyDefinitions","name":"5c028d2a-1889-45f6-b821-31f42711ced8"}'
headers:
cache-control:
- no-cache
content-length:
- - '2668'
+ - '2670'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:58 GMT
+ - Fri, 06 Dec 2019 22:06:57 GMT
expires:
- '-1'
pragma:
@@ -17032,16 +20237,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''726671ac-c4de-4908-8c7d-6043ae62e3b6'' could not be found."}}'
+ ''5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17050,7 +20255,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:58 GMT
+ - Fri, 06 Dec 2019 22:06:59 GMT
expires:
- '-1'
pragma:
@@ -17076,38 +20281,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that allow re-use of the previous 24 passwords. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","roleDef
initionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"}'
+ string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent
+ Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
+ VMSS as non-compliant if the VM Image (OS) is not in the list defined and
+ the agent is not installed. The list of OS images will be updated over time
+ as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-L
inux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"}'
headers:
cache-control:
- no-cache
content-length:
- - '5172'
+ - '5958'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:14:58 GMT
+ - Fri, 06 Dec 2019 22:07:00 GMT
expires:
- '-1'
pragma:
@@ -17137,111 +20336,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7433c107-6db4-4ad1-b57a-a76dce0154a1'' could not be found."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '138'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:14:59 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- status:
- code: 404
- message: Not Found
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2019-06-01
- response:
- body:
- string: '{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy enables you to specify a set of storage account SKUs that your organization
- can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
- list of SKUs that can be specified for storage accounts.","displayName":"Allowed
- SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '866'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:14:59 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- transfer-encoding:
- - chunked
- vary:
- - Accept-Encoding,Accept-Encoding
- x-content-type-options:
- - nosniff
- status:
- code: 200
- message: OK
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''752c6934-9bcc-4749-b004-655e676ae2ac'' could not be found."}}'
+ ''5c607a2e-c700-4744-8254-d77e7c9eb5e4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17250,7 +20354,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:39 GMT
+ - Fri, 06 Dec 2019 22:07:01 GMT
expires:
- '-1'
pragma:
@@ -17276,29 +20380,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit enabling of diagnostic
- logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
- enabling of diagnostic logs on the app. This enables you to recreate activity
- trails for investigation purposes if a security incident occurs or your network
- is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"}'
+ string: '{"properties":{"displayName":"External accounts with write permissions
+ should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
+ accounts with write privileges should be removed from your subscription in
+ order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"}'
headers:
cache-control:
- no-cache
content-length:
- - '1209'
+ - '1096'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:39 GMT
+ - Fri, 06 Dec 2019 22:07:02 GMT
expires:
- '-1'
pragma:
@@ -17328,16 +20431,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''760a85ff-6162-42b3-8d70-698e268f648c'' could not be found."}}'
+ ''5df82f4f-773a-4a2d-97a2-422a806f1a55'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17346,7 +20449,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:40 GMT
+ - Fri, 06 Dec 2019 22:07:03 GMT
expires:
- '-1'
pragma:
@@ -17372,29 +20475,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerabilities should be remediated
- by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
- vulnerabilities detected by Vulnerability Assessment solution and VMs without
- a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Function App should only
+ be accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
+ of HTTPS ensures server/service authentication and protects data in transit
+ from network layer eavesdropping attacks.","metadata":{"category":"Security
+ Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForFunctionApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55","type":"Microsoft.Authorization/policyDefinitions","name":"5df82f4f-773a-4a2d-97a2-422a806f1a55"}'
headers:
cache-control:
- no-cache
content-length:
- - '1159'
+ - '1230'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:40 GMT
+ - Fri, 06 Dec 2019 22:07:05 GMT
expires:
- '-1'
pragma:
@@ -17424,16 +20527,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''765266ab-e40e-4c61-bcb2-5a5275d0b7c0'' could not be found."}}'
+ ''5e3315e0-a414-4efb-a4d2-c7bd2b0443d2'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17442,7 +20545,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:41 GMT
+ - Fri, 06 Dec 2019 22:07:06 GMT
expires:
- '-1'
pragma:
@@ -17468,33 +20571,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
- Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
- Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list
- defined and the agent is not installed. Note: if your scale set upgradePolicy
- is set to Manual, you need to apply the extension to the all VMs in the set
- by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exi
stenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
- ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
+ that are not using latest supported .NET Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported .NET Framework version for the latest security classes.
+ Using older classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestDotNet","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2","type":"Microsoft.Authorization/policyDefinitions","name":"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2"}'
headers:
cache-control:
- no-cache
content-length:
- - '4223'
+ - '1299'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:41 GMT
+ - Fri, 06 Dec 2019 22:07:07 GMT
expires:
- '-1'
pragma:
@@ -17524,16 +20623,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7796937f-307b-4598-941c-67d3a05ebfe7'' could not be found."}}'
+ ''5e393799-e3ca-4e43-a9a5-0ec4648a57d9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17542,7 +20641,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:41 GMT
+ - Fri, 06 Dec 2019 22:07:11 GMT
expires:
- '-1'
pragma:
@@ -17568,29 +20667,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Azure subscriptions should have a log
- profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
- policy ensures if a log profile is enabled for exporting activity logs. It
- audits if there is no log profile created to export the logs either to a storage
- account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs that
+ do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that do not have the specified applications
+ installed. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/gu
estConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"}'
headers:
cache-control:
- no-cache
content-length:
- - '1057'
+ - '2747'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:42 GMT
+ - Fri, 06 Dec 2019 22:07:12 GMT
expires:
- '-1'
pragma:
@@ -17620,16 +20720,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7a031c68-d6ab-406e-a506-697a19c634b0'' could not be found."}}'
+ ''5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17638,7 +20738,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:42 GMT
+ - Fri, 06 Dec 2019 22:07:14 GMT
expires:
- '-1'
pragma:
@@ -17664,46 +20764,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows Server virtual
- machines on which Windows Serial Console is not enabled. It also creates a
- system-assigned managed identity and deploys the VM extension for Guest Configuration.
- This policy should only be used along with its corresponding audit policy
- in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"EMSPortNumber":{"type":"String","metadata":{"displayName":"EMS
- Port Number","description":"An integer indicating the COM port to be used
- for the Emergency Management Services (EMS) console redirection. For more
- information on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["1","2","3","4"],"defaultValue":"1"},"EMSBaudRate":{"type":"String","metadata":{"displayName":"EMS
- Baud Rate","description":"An integer indicating the baud rate to be used for
- the Emergency Management Services (EMS) console redirection. For more information
- on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerial
Console","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
- ''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
- ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ only in India data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: West India, South India,
+ Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"}'
headers:
cache-control:
- no-cache
content-length:
- - '6859'
+ - '633'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:42 GMT
+ - Fri, 06 Dec 2019 22:07:14 GMT
expires:
- '-1'
pragma:
@@ -17733,16 +20814,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7c1b1214-f927-48bf-8882-84f0af6588b1'' could not be found."}}'
+ ''5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17751,7 +20832,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:43 GMT
+ - Fri, 06 Dec 2019 22:07:16 GMT
expires:
- '-1'
pragma:
@@ -17777,28 +20858,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Virtual Machine Scale
- Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
- is recommended to enable Logs so that activity trail can be recreated when
- investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"IaaSDiagnostics"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Diagnostics"}]},{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"LinuxDiagnostic"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.OSTCExtensions"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","type":"Microsoft.Authorization/policyDefinitions","name":"7c1b1214-f927-48bf-8882-84f0af6588b1"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent
+ for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the
+ list defined and the agent is not installed. Note: if your scale set upgradePolicy
+ is set to Manual, you need to apply the extension to the all VMs in the set
+ by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists
","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''),
+ ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''),
+ ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"}'
headers:
cache-control:
- no-cache
content-length:
- - '1436'
+ - '5198'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:43 GMT
+ - Fri, 06 Dec 2019 22:07:17 GMT
expires:
- '-1'
pragma:
@@ -17808,7 +20900,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -17828,16 +20920,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f'' could not be found."}}'
+ ''5f76cf89-fbf2-47fd-a3f4-b891fa780b60'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17846,7 +20938,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:43 GMT
+ - Fri, 06 Dec 2019 22:07:18 GMT
expires:
- '-1'
pragma:
@@ -17872,29 +20964,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Require blob encryption
- for storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures blob encryption for storage accounts is turned on. It only
- applies to Microsoft.Storage resource types, not other storage providers.
- This policy is deprecated because storage blob encryption is now enabled by
- default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"}'
+ string: '{"properties":{"displayName":"External accounts with read permissions
+ should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
+ accounts with read privileges should be removed from your subscription in
+ order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"}'
headers:
cache-control:
- no-cache
content-length:
- - '881'
+ - '1093'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:43 GMT
+ - Fri, 06 Dec 2019 22:07:19 GMT
expires:
- '-1'
pragma:
@@ -17924,16 +21015,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7e56b49b-5990-4159-a734-511ea19b731c'' could not be found."}}'
+ ''5ffd78d9-436d-4b41-a421-5baa819e3008'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -17942,7 +21033,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:43 GMT
+ - Fri, 06 Dec 2019 22:07:20 GMT
expires:
- '-1'
pragma:
@@ -17968,30 +21059,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs that
- have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that have the specified applications installed.
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"}'
+ string: '{"properties":{"displayName":"Add or replace a tag on resources","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value when any resource is created or updated.
+ Existing resources can be remediated by triggering a remediation task. Does
+ not modify tags on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008","type":"Microsoft.Authorization/policyDefinitions","name":"5ffd78d9-436d-4b41-a421-5baa819e3008"}'
headers:
cache-control:
- no-cache
content-length:
- - '2734'
+ - '1207'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:43 GMT
+ - Fri, 06 Dec 2019 22:07:21 GMT
expires:
- '-1'
pragma:
@@ -18021,16 +21113,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7e84ba44-6d03-46fd-950e-5efa5a1112fa'' could not be found."}}'
+ ''60aeaf73-a074-417a-905f-7ce9df0ff77b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18039,7 +21131,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:44 GMT
+ - Fri, 06 Dec 2019 22:07:23 GMT
expires:
- '-1'
pragma:
@@ -18065,30 +21157,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that have not restarted within the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
+ VMs configurations in ''System Audit Policies - Object Access''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that have not restarted within the specified
- number of days. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfigurati
on/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"}'
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - Object Access''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b","type":"Mi
crosoft.Authorization/policyDefinitions","name":"60aeaf73-a074-417a-905f-7ce9df0ff77b"}'
headers:
cache-control:
- no-cache
content-length:
- - '2769'
+ - '2675'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:44 GMT
+ - Fri, 06 Dec 2019 22:07:24 GMT
expires:
- '-1'
pragma:
@@ -18098,7 +21191,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -18118,16 +21211,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8'' could not be found."}}'
+ ''60d21c4f-21a3-4d94-85f4-b924e6aeeda4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18136,7 +21229,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:45 GMT
+ - Fri, 06 Dec 2019 22:07:25 GMT
expires:
- '-1'
pragma:
@@ -18162,39 +21255,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that do not have the password complexity setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not have the password complexity setting enabled. It also creates
- a system-assigned managed identity and deploys the VM extension for Guest
- Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","roleDefinitionIds":["/providers/microsoft.a
uthorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"}'
+ string: '{"properties":{"displayName":"Storage Accounts should use a virtual
+ network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"anyOf":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4","type":"Microsoft.Authorization/policyDefinitions","name":"60d21c4f-21a3-4d94-85f4-b924e6aeeda4"}'
headers:
cache-control:
- no-cache
content-length:
- - '5224'
+ - '1017'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:45 GMT
+ - Fri, 06 Dec 2019 22:07:26 GMT
expires:
- '-1'
pragma:
@@ -18204,7 +21286,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -18224,16 +21306,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c'' could not be found."}}'
+ ''60ffe3e2-4604-4460-8f22-0f1da058266c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18242,7 +21324,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:45 GMT
+ - Fri, 06 Dec 2019 22:07:27 GMT
expires:
- '-1'
pragma:
@@ -18268,31 +21350,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
+ string: '{"properties":{"displayName":"Show audit results from Windows web servers
+ that are not using secure communication protocols","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Privilege Use''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Mi
crosoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"}'
+ auditing Windows web servers that are not using secure communication protocols
+ (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecureProtocol","existenceCondition":{"field":"Microsoft.GuestConfig
uration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","type":"Microsoft.Authorization/policyDefinitions","name":"60ffe3e2-4604-4460-8f22-0f1da058266c"}'
headers:
cache-control:
- no-cache
content-length:
- - '2675'
+ - '2760'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:45 GMT
+ - Fri, 06 Dec 2019 22:07:29 GMT
expires:
- '-1'
pragma:
@@ -18302,7 +21383,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -18322,16 +21403,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7f89b1eb-583c-429a-8828-af049802c1d9'' could not be found."}}'
+ ''6134c3db-786f-471e-87bc-8f479dc890f6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18340,7 +21421,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:46 GMT
+ - Fri, 06 Dec 2019 22:07:30 GMT
expires:
- '-1'
pragma:
@@ -18366,26 +21447,37 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
- diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
- Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"}'
+ string: '{"properties":{"displayName":"Deploy Advanced Data Security on SQL
+ servers","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ enables Advanced Data Security on SQL Servers. This includes turning on Threat
+ Detection and Vulnerability Assessment. It will automatically create a storage
+ account in the same region and resource group as the SQL server to store scan
+ results, with a ''sqlva'' prefix.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"location":{"type":"string"}},"variables":{"serverResourceGroupName":"[resourceGroup().name]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
+ variables(''serverResourceGroupName''), parameters(''location''))]","storageName":"[tolower(concat(''sqlva'',
+ variables(''uniqueStorage'')))]"},"resources":[{"type":"Microsoft.Storage/storageAccounts","name":"[variables(''storageName'')]","apiVersion":"2019-04-01","location":"[parameters(''location'')]","sku":{"name":"Standard_LRS"},"kind":"StorageV2","properties":{}},{"name":"[concat(parameters(''serverName''),
+ ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}},{"name":"[concat(parameters(''serverName''),
+ ''/Default'')]","type":"Microsoft.Sql/servers/vulnerabilityAssessments","apiVersion":"2018-06-01-preview","properties":{"storageContainerPath":"[concat(reference(resourceId(''Microsoft.Storage/storageAccounts'',
+ variables(''storageName''))).primaryEndpoints.blob, ''vulnerability-assessment'')]","storageAccountAccessKey":"[listKeys(resourceId(''Microsoft.Storage/storageAccounts'',
+ variables(''storageName'')), ''2018-02-01'').keys[0].value]","recurringScans":{"isEnabled":true,"emailSubscriptionAdmins":true,"emails":[]}},"dependsOn":["[concat(''Microsoft.Storage/storageAccounts/'',
+ variables(''storageName''))]","[concat(''Microsoft.Sql/servers/'', parameters(''serverName''),
+ ''/securityAlertPolicies/Default'')]"]}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6","type":"Microsoft.Authorization/policyDefinitions","name":"6134c3db-786f-471e-87bc-8f479dc890f6"}'
headers:
cache-control:
- no-cache
content-length:
- - '890'
+ - '2974'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:46 GMT
+ - Fri, 06 Dec 2019 22:07:31 GMT
expires:
- '-1'
pragma:
@@ -18395,7 +21487,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -18415,16 +21507,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7ff426e2-515f-405a-91c8-4f2333442eb5'' could not be found."}}'
+ ''6141c932-9384-44c6-a395-59e4c057d7c9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18433,7 +21525,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:46 GMT
+ - Fri, 06 Dec 2019 22:07:33 GMT
expires:
- '-1'
pragma:
@@ -18459,29 +21551,83 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"SQL Auditing settings should have Action-Groups
- configured to capture critical activities","policyType":"BuiltIn","mode":"Indexed","description":"The
- AuditActionsAndGroups property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
- FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
- audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"}'
+ string: '{"properties":{"displayName":"Configure time zone on Windows machines.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to set specified time zone
+ on Windows virtual machines.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"SetWindowsTimeZone"
,"existenceCondition":{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"SetWindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","assignmentType":"DeployAndAutoCorrect","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9","type":"Microsoft.Authorization/policyDefinitions","name":"6141c932-9384-44c6-a395-59e4c057d7c9"}'
headers:
cache-control:
- no-cache
content-length:
- - '1437'
+ - '8972'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:46 GMT
+ - Fri, 06 Dec 2019 22:07:34 GMT
expires:
- '-1'
pragma:
@@ -18511,16 +21657,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''815dcc9f-6662-43f2-9a03-1b83e9876f24'' could not be found."}}'
+ ''617c02be-7f02-4efd-8836-3180d47b6c68'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18529,7 +21675,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:47 GMT
+ - Fri, 06 Dec 2019 22:07:35 GMT
expires:
- '-1'
pragma:
@@ -18555,125 +21701,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''User Rights Assignment''.
- It also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"Users
- or groups that may access this computer from the network","description":"Specifies
- which remote users on the network are permitted to connect to the computer.
- This does not include Remote Desktop Connection."},"defaultValue":"Administrators,
- Authenticated Users"},"UsersOrGroupsThatMayLogOnLocally":{"type":"String","metadata":{"displayName":"Users
- or groups that may log on locally","description":"Specifies which users or
- groups can interactively log on to the computer. Users who attempt to log
- on via Remote Desktop Connection or IIS also require this user right."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"type":"String","metadata":{"displayName":"Users
- or groups that may log on through Remote Desktop Services","description":"Specifies
- which users or groups are permitted to log on as a Terminal Services client,
- Remote Desktop, or for Remote Assistance."},"defaultValue":"Administrators,
- Remote Desktop Users"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"Users
- and groups that are denied access to this computer from the network","description":"Specifies
- which users or groups are explicitly prohibited from connecting to the computer
- across the network."},"defaultValue":"Guests"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"type":"String","metadata":{"displayName":"Users
- or groups that may manage auditing and security log","description":"Specifies
- users and groups permitted to change the auditing options for files and directories
- and clear the Security log."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"type":"String","metadata":{"displayName":"Users
- or groups that may back up files and directories","description":"Specifies
- users and groups allowed to circumvent file and directory permissions to back
- up the system."},"defaultValue":"Administrators, Backup Operators"},"UsersOrGroupsThatMayChangeTheSystemTime":{"type":"String","metadata":{"displayName":"Users
- or groups that may change the system time","description":"Specifies which
- users and groups are permitted to change the time and date on the internal
- clock of the computer."},"defaultValue":"Administrators, LOCAL SERVICE"},"UsersOrGroupsThatMayChangeTheTimeZone":{"type":"String","metadata":{"displayName":"Users
- or groups that may change the time zone","description":"Specifies which users
- and groups are permitted to change the time zone of the computer."},"defaultValue":"Administrators,
- LOCAL SERVICE"},"UsersOrGroupsThatMayCreateATokenObject":{"type":"String","metadata":{"displayName":"Users
- or groups that may create a token object","description":"Specifies which users
- and groups are permitted to create an access token, which may provide elevated
- rights to access sensitive data."},"defaultValue":"No One"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"type":"String","metadata":{"displayName":"Users
- and groups that are denied logging on as a batch job","description":"Specifies
- which users and groups are explicitly not permitted to log on to the computer
- as a batch job (i.e. scheduled task)."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"type":"String","metadata":{"displayName":"Users
- and groups that are denied logging on as a service","description":"Specifies
- which service accounts are explicitly not permitted to register a process
- as a service."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLocalLogon":{"type":"String","metadata":{"displayName":"Users
- and groups that are denied local logon","description":"Specifies which users
- and groups are explicitly not permitted to log on to the computer."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"type":"String","metadata":{"displayName":"Users
- and groups that are denied log on through Remote Desktop Services","description":"Specifies
- which users and groups are explicitly not permitted to log on to the computer
- via Terminal Services/Remote Desktop Client."},"defaultValue":"Guests"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"type":"String","metadata":{"displayName":"User
- and groups that may force shutdown from a remote system","description":"Specifies
- which users and groups are permitted to shut down the computer from a remote
- location on the network."},"defaultValue":"Administrators"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"type":"String","metadata":{"displayName":"Users
- and groups that may restore files and directories","description":"Specifies
- which users and groups are permitted to bypass file, directory, registry,
- and other persistent object permissions when restoring backed up files and
- directories."},"defaultValue":"Administrators, Backup Operators"},"UsersAndGroupsThatMayShutDownTheSystem":{"type":"String","metadata":{"displayName":"Users
- and groups that may shut down the system","description":"Specifies which users
- and groups who are logged on locally to the computers in your environment
- are permitted to shut down the operating system with the Shut Down command."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"type":"String","metadata":{"displayName":"Users
- or groups that may take ownership of files or other objects","description":"Specifies
- which users and groups are permitted to take ownership of files, folders,
- registry keys, processes, or threads. This user right bypasses any permissions
- that are in place to protect objects to give ownership to the specified user."},"defaultValue":"Administrators"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_UserRightsAssignment","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.
GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Access
- this computer from the network;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork''),
- '','', ''Allow log on locally;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayLogOnLocally''),
- '','', ''Allow log on through Remote Desktop Services;ExpectedValue'', ''='',
- parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices''), '','',
- ''Deny access to this computer from the network;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork''),
- '','', ''Manage auditing and security log;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog''),
- '','', ''Back up files and directories;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories''),
- '','', ''Change the system time;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayChangeTheSystemTime''),
- '','', ''Change the time zone;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayChangeTheTimeZone''),
- '','', ''Create a token object;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayCreateATokenObject''),
- '','', ''Deny log on as a batch job;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob''),
- '','', ''Deny log on as a service;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService''),
- '','', ''Deny log on locally;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedLocalLogon''),
- '','', ''Deny log on through Remote Desktop Services;ExpectedValue'', ''='',
- parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices''),
- '','', ''Force shutdown from a remote system;ExpectedValue'', ''='', parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem''),
- '','', ''Restore files and directories;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories''),
- '','', ''Shut down the system;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatMayShutDownTheSystem''),
- '','', ''Take ownership of files or other objects;ExpectedValue'', ''='',
- parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_UserRightsAssignment"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"UsersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"UsersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"UsersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"UsersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"UsersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters('
'UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"UsersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"string"},"UsersOrGroupsThatMayLogOnLocally":{"type":"string"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"type":"string"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"type":"string"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"type":"string"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"type":"string"},"UsersOrGroupsThatMayChangeTheSystemTime":{"type":"string"},"UsersOrGroupsThatMayChangeTheTimeZone":{"type":"string"},"UsersOrGroupsThatMayCreateATokenObject":{"type":"string"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"type":"string"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"type":"string"},"UsersAndGroupsThatAreDeniedLocalLogon":{"type":"string"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"type":"string"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"type":"string"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"type":"string"},"UsersAndGroupsThatMayShutDownTheSystem":{"type":"string"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Access
- this computer from the network;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},{"name":"Allow
- log on locally;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},{"name":"Allow
- log on through Remote Desktop Services;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},{"name":"Deny
- access to this computer from the network;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},{"name":"Manage
- auditing and security log;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},{"name":"Back
- up files and directories;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},{"name":"Change
- the system time;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},{"name":"Change
- the time zone;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},{"name":"Create
- a token object;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},{"name":"Deny
- log on as a batch job;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},{"name":"Deny
- log on as a service;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},{"name":"Deny
- log on locally;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},{"name":"Deny
- log on through Remote Desktop Services;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},{"name":"Force
- shutdown from a remote system;ExpectedValue","value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},{"name":"Restore
- files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
- down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
- ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"}'
+ string: '{"properties":{"displayName":"Service Fabric clusters should have the
+ ClusterProtectionLevel property set to EncryptAndSign","policyType":"BuiltIn","mode":"Indexed","description":"Service
+ Fabric provides three levels of protection (None, Sign and EncryptAndSign)
+ for node-to-node communication using a primary cluster certificate. Set the
+ protection level to ensure that all node-to-node messages are encrypted and
+ digitally signed","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"}'
headers:
cache-control:
- no-cache
content-length:
- - '17711'
+ - '1339'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:47 GMT
+ - Fri, 06 Dec 2019 22:07:36 GMT
expires:
- '-1'
pragma:
@@ -18683,7 +21734,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -18703,16 +21754,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''83a214f7-d01a-484b-91a9-ed54470c9a6a'' could not be found."}}'
+ ''620e58b5-ac75-49b4-993f-a9d4f0459636'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18721,7 +21772,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:47 GMT
+ - Fri, 06 Dec 2019 22:07:38 GMT
expires:
- '-1'
pragma:
@@ -18747,31 +21798,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Event Hub should be
- enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Event Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - System objects''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - System objects''. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemobjects","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636","type":"Micro
soft.Authorization/policyDefinitions","name":"620e58b5-ac75-49b4-993f-a9d4f0459636"}'
headers:
cache-control:
- no-cache
content-length:
- - '1782'
+ - '2664'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:47 GMT
+ - Fri, 06 Dec 2019 22:07:39 GMT
expires:
- '-1'
pragma:
@@ -18801,16 +21852,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''83a86a26-fd1f-447c-b59d-e51f44264114'' could not be found."}}'
+ ''6481cc21-ed6e-4480-99dd-ea7c5222e897'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18819,7 +21870,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:47 GMT
+ - Fri, 06 Dec 2019 22:07:40 GMT
expires:
- '-1'
pragma:
@@ -18845,29 +21896,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Network interfaces should not have public
- IPs","policyType":"BuiltIn","mode":"Indexed","description":"This policy denies
- the network interfaces which are configured with any public IP. Public IP
- addresses allow internet resources to communicate inbound to Azure resources,
- and Azure resources to communicate outbound to the internet. This should be
- reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Devices''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Devices''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"String","metadata":{"displayName":"Devices:
+ Allowed to format and eject removable media","description":"Specifies who
+ is allowed to format and eject removable NTFS media. You can use this policy
+ setting to prevent unauthorized users from removing data on one computer to
+ access it on another computer on which they have local administrator privileges."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsDevices","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestCon
figuration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Devices:
+ Allowed to format and eject removable media;ExpectedValue'', ''='', parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsDevices"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"DevicesAllowedToFormatAndEjectRemovableMedia":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Devices:
+ Allowed to format and eject removable media;ExpectedValue","value":"[parameters(''DevicesAllowedToFormatAndEjectRemovableMedia'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897","type":"Microsoft.Authorization/policyDefinitions","name":"6481cc21-ed6e-4480-99dd-ea7c5222e897"}'
headers:
cache-control:
- no-cache
content-length:
- - '894'
+ - '5429'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:16:47 GMT
+ - Fri, 06 Dec 2019 22:07:41 GMT
expires:
- '-1'
pragma:
@@ -18897,16 +21959,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''86880e5c-df35-43c5-95ad-7e120635775e'' could not be found."}}'
+ ''655cb504-bcee-4362-bd4c-402e6aa38759'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -18915,7 +21977,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:29 GMT
+ - Fri, 06 Dec 2019 22:07:43 GMT
expires:
- '-1'
pragma:
@@ -18941,34 +22003,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Microsoft Network Server''. It also creates a system-assigned managed identity
- and deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmNam
e":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","type":"Microsoft.Authorization/policyDefinitions","name":"86880e5c-df35-43c5-95ad-7e120635775e"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit missing blob encryption
+ for storage accounts","policyType":"BuiltIn","mode":"All","description":"This
+ policy is no longer necessary because storage blob encryption is enabled by
+ default and cannot be turned off.","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"}'
headers:
cache-control:
- no-cache
content-length:
- - '4418'
+ - '946'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:29 GMT
+ - Fri, 06 Dec 2019 22:07:44 GMT
expires:
- '-1'
pragma:
@@ -18978,7 +22034,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -18998,16 +22054,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''86a912f6-9a06-4e26-b447-11b16ba8659f'' could not be found."}}'
+ ''664346d9-be92-43fb-a219-d595eeb76a90'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19016,7 +22072,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:29 GMT
+ - Fri, 06 Dec 2019 22:07:45 GMT
expires:
- '-1'
pragma:
@@ -19042,26 +22098,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables
- transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''),
- ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit IP restrictions configuration
+ for a Function App","policyType":"BuiltIn","mode":"All","description":"IP
+ Restrictions allow you to define a list of IP addresses that are allowed to
+ access your app. Use of IP Restrictions protects a Function app from common
+ attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90","type":"Microsoft.Authorization/policyDefinitions","name":"664346d9-be92-43fb-a219-d595eeb76a90"}'
headers:
cache-control:
- no-cache
content-length:
- - '1385'
+ - '1292'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:29 GMT
+ - Fri, 06 Dec 2019 22:07:46 GMT
expires:
- '-1'
pragma:
@@ -19091,16 +22150,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''86b3d65f-7626-441e-b690-81a8b71cff60'' could not be found."}}'
+ ''68511db2-bd02-41c4-ae6b-1900a012968a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19109,7 +22168,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:30 GMT
+ - Fri, 06 Dec 2019 22:07:47 GMT
expires:
- '-1'
pragma:
@@ -19135,28 +22194,42 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"System updates should be installed on
- your machines","policyType":"BuiltIn","mode":"All","description":"Missing
- security system updates on your servers will be monitored by Azure Security
- Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs on which the Log Analytics agent is not connected as expected","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ on which the Log Analytics agent is not connected to the specified workspaces.
+ It also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WorkspaceId":{"type":"String","metadata":{"displayName":"Connected
+ workspace IDs","description":"A semicolon-separated list of the workspace
+ IDs that the Log Analytics agent should be connected to"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","roleDefinitionIds":["/providers/microsoft.authorization/
roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId'',
+ ''='', parameters(''WorkspaceId'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsLogAnalyticsAgentConnection"},"WorkspaceId":{"value":"[parameters(''WorkspaceId'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"WorkspaceId":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId","value":"[parameters(''WorkspaceId'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a","type":"Microsoft.Authorization/policyDefinitions","name":"68511db2-bd02-41c4-ae6b-1900a012968a"}'
headers:
cache-control:
- no-cache
content-length:
- - '1067'
+ - '6087'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:30 GMT
+ - Fri, 06 Dec 2019 22:07:48 GMT
expires:
- '-1'
pragma:
@@ -19166,7 +22239,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -19186,16 +22259,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''871b6d14-10aa-478d-b590-94f262ecfa99'' could not be found."}}'
+ ''6a7a2bcf-f9be-4e35-9734-4f9657a70f1d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19204,7 +22277,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:29 GMT
+ - Fri, 06 Dec 2019 22:07:50 GMT
expires:
- '-1'
pragma:
@@ -19230,27 +22303,45 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Require specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
- existence of a tag. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs on which Windows Defender Exploit Guard is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ on which Windows Defender Exploit Guard is not enabled. It also creates a
+ system-assigned managed identity and deploys the VM extension for Guest Configuration.
+ This policy should only be used along with its corresponding audit policy
+ in an initiative. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NotAvailableMachineState":{"type":"String","metadata":{"displayName":"State
+ in which to show VMs on which Windows Defender Exploit Guard is not available","description":"Windows
+ Defender Exploit Guard is only available starting with Windows 10/Windows
+ Server with update 1709. Setting this value to ''Non-Compliant'' will make
+ machines with older versions on which Windows Defender Exploit Guard is not
+ available (such as Windows Server 2012 R2) non-compliant. Setting this value
+ to ''Compliant'' will make these machines compliant."},"allowedValues":["Compliant","Non-Compliant"],"defaultValue":"Non-Compliant"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDefenderExpl
oitGuard","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState'',
+ ''='', parameters(''NotAvailableMachineState'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDefenderExploitGuard"},"NotAvailableMachineState":{"value":"[parameters(''NotAvailableMachineState'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NotAvailableMachineState":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState","value":"[parameters(''NotAvailableMachineState'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d","type":"Microsoft.Authorization/policyDefinitions","name":"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d"}'
headers:
cache-control:
- no-cache
content-length:
- - '658'
+ - '6629'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:30 GMT
+ - Fri, 06 Dec 2019 22:07:51 GMT
expires:
- '-1'
pragma:
@@ -19280,16 +22371,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''87b590fe-4a1d-4697-ae74-d4fe72ab786c'' could not be found."}}'
+ ''6a8450e2-6c61-43b4-be65-62e3a197bffe'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19298,7 +22389,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:30 GMT
+ - Fri, 06 Dec 2019 22:07:52 GMT
expires:
- '-1'
pragma:
@@ -19324,31 +22415,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Administrative Templates - Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Administrative Templates - Control Panel''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit IP restrictions configuration
+ for a Web Application","policyType":"BuiltIn","mode":"All","description":"IP
+ Restrictions allow you to define a list of IP addresses that are allowed to
+ access your app. Use of IP Restrictions protects a web application from common
+ attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ConfigureIPRestrictions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe","type":"Microsoft.Authorization/policyDefinitions","name":"6a8450e2-6c61-43b4-be65-62e3a197bffe"}'
headers:
cache-control:
- no-cache
content-length:
- - '2685'
+ - '1309'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:31 GMT
+ - Fri, 06 Dec 2019 22:07:53 GMT
expires:
- '-1'
pragma:
@@ -19378,16 +22467,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''884b209a-963b-4520-8006-d20cb3c213e0'' could not be found."}}'
+ ''6ad61431-88ce-4357-a0e1-6da43f292bd7'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19396,7 +22485,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:31 GMT
+ - Fri, 06 Dec 2019 22:07:55 GMT
expires:
- '-1'
pragma:
@@ -19422,44 +22511,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Linux VMs
- that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Linux virtual machines
- that have the specified applications installed. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
- names","description":"A semicolon-separated list of the names of the applications
- that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher
","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
- ''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
- '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
- ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Ensure WEB app is using
+ the latest version of TLS encryption ","policyType":"BuiltIn","mode":"Indexed","description":"Please
+ use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
+ instead. The TLS(Transport Layer Security) protocol secures transmission of
+ data over the internet using standard encryption technology. Encryption should
+ be set with the latest version of TLS. App service allows TLS 1.2 by default,
+ which is the recommended TLS level by industry standards, such as PCI DSS.","metadata":{"category":"App
+ Service","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7","type":"Microsoft.Authorization/policyDefinitions","name":"6ad61431-88ce-4357-a0e1-6da43f292bd7"}'
headers:
cache-control:
- no-cache
content-length:
- - '6630'
+ - '1353'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:31 GMT
+ - Fri, 06 Dec 2019 22:07:55 GMT
expires:
- '-1'
pragma:
@@ -19489,16 +22566,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''88c0b9da-ce96-4b03-9635-f29a937e2900'' could not be found."}}'
+ ''6b1cbf55-e8b6-442f-ba4c-7246b6381474'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19507,7 +22584,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:31 GMT
+ - Fri, 06 Dec 2019 22:07:57 GMT
expires:
- '-1'
pragma:
@@ -19533,28 +22610,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Network interfaces should disable IP
- forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- denies the network interfaces which enabled IP forwarding. The setting of
- IP forwarding disables Azure''s check of the source and destination for a
- network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"}'
+ string: '{"properties":{"displayName":"Deprecated accounts should be removed
+ from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
+ accounts should be removed from your subscriptions. Deprecated accounts are
+ accounts that have been blocked from signing in.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"}'
headers:
cache-control:
- no-cache
content-length:
- - '816'
+ - '1073'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:31 GMT
+ - Fri, 06 Dec 2019 22:07:58 GMT
expires:
- '-1'
pragma:
@@ -19584,16 +22662,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''89099bee-89e0-4b26-a5f4-165451757743'' could not be found."}}'
+ ''6b51af03-9277-49a9-a3f8-1c69c9ff7403'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19602,7 +22680,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:32 GMT
+ - Fri, 06 Dec 2019 22:08:00 GMT
expires:
- '-1'
pragma:
@@ -19628,27 +22706,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"SQL servers should be configured with
- auditing retention days greater than 90 days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- SQL servers configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Service
+ Bus to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Service Bus to stream to a regional Event Hub
+ when any Service Bus which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403","type":"Microsoft.Authorization/policyDefinitions","name":"6b51af03-9277-49a9-a3f8-1c69c9ff7403"}'
headers:
cache-control:
- no-cache
content-length:
- - '992'
+ - '3736'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:32 GMT
+ - Fri, 06 Dec 2019 22:08:01 GMT
expires:
- '-1'
pragma:
@@ -19658,7 +22749,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -19678,16 +22769,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''8a39d1f1-5513-4628-b261-f469a5a3341b'' could not be found."}}'
+ ''6c112d4e-5bc7-47ae-a041-ea2d9dccd749'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19696,7 +22787,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:33 GMT
+ - Fri, 06 Dec 2019 22:08:03 GMT
expires:
- '-1'
pragma:
@@ -19722,31 +22813,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - System settings''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - System settings''. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemsettings","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b","type":"Micr
osoft.Authorization/policyDefinitions","name":"8a39d1f1-5513-4628-b261-f469a5a3341b"}'
+ string: '{"properties":{"displayName":"Not allowed resource types","policyType":"BuiltIn","mode":"All","description":"This
+ policy enables you to specify the resource types that your organization cannot
+ deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The
+ list of resource types that cannot be deployed.","displayName":"Not allowed
+ resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"}'
headers:
cache-control:
- no-cache
content-length:
- - '2667'
+ - '763'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:33 GMT
+ - Fri, 06 Dec 2019 22:08:04 GMT
expires:
- '-1'
pragma:
@@ -19756,7 +22844,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -19776,16 +22864,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''8b0de57a-f511-4d45-a277-17cb79cb163b'' could not be found."}}'
+ ''6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19794,7 +22882,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:33 GMT
+ - Fri, 06 Dec 2019 22:08:05 GMT
expires:
- '-1'
pragma:
@@ -19820,30 +22908,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs with
- a pending reboot","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with a pending reboot. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"}'
+ string: '{"properties":{"displayName":"Function App should only be accessible
+ over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use of
+ HTTPS ensures server/service authentication and protects data in transit from
+ network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab","type":"Microsoft.Authorization/policyDefinitions","name":"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab"}'
headers:
cache-control:
- no-cache
content-length:
- - '2681'
+ - '913'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:33 GMT
+ - Fri, 06 Dec 2019 22:08:06 GMT
expires:
- '-1'
pragma:
@@ -19853,7 +22939,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -19873,16 +22959,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''8bbd627e-4d25-4906-9a6e-3789780af3ec'' could not be found."}}'
+ ''6e2593d9-add6-4083-9c9b-4b7d2188c899'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19891,7 +22977,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:34 GMT
+ - Fri, 06 Dec 2019 22:08:08 GMT
expires:
- '-1'
pragma:
@@ -19917,31 +23003,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Windows Firewall Properties''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"}'
+ string: '{"properties":{"displayName":"Email notification for high severity
+ alerts should be enabled","policyType":"BuiltIn","mode":"All","description":"Enable
+ emailing security alerts to the security contact, in order to have them receive
+ security alert emails from Microsoft. This ensures that the right people are
+ aware of any potential security issues and are able to mitigate the risks","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/alertNotifications","notEquals":"Off"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899","type":"Microsoft.Authorization/policyDefinitions","name":"6e2593d9-add6-4083-9c9b-4b7d2188c899"}'
headers:
cache-control:
- no-cache
content-length:
- - '2649'
+ - '1130'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:34 GMT
+ - Fri, 06 Dec 2019 22:08:09 GMT
expires:
- '-1'
pragma:
@@ -19951,7 +23036,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -19971,16 +23056,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''8ce3da23-7156-49e4-b145-24f95f9dcb46'' could not be found."}}'
+ ''6fdb9205-3462-4cfc-87d8-16c7860b53f4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -19989,7 +23074,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:35 GMT
+ - Fri, 06 Dec 2019 22:08:10 GMT
expires:
- '-1'
pragma:
@@ -20015,29 +23100,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Require tag and its value on resource
- groups","policyType":"BuiltIn","mode":"All","description":"Enforces a required
- tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
- Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"}'
headers:
cache-control:
- no-cache
content-length:
- - '905'
+ - '601'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:35 GMT
+ - Fri, 06 Dec 2019 22:08:11 GMT
expires:
- '-1'
pragma:
@@ -20047,7 +23129,7 @@ interactions:
transfer-encoding:
- chunked
vary:
- - Accept-Encoding,Accept-Encoding
+ - Accept-Encoding
x-content-type-options:
- nosniff
status:
@@ -20067,16 +23149,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''8e170edb-e0f5-497a-bb36-48b3280cec6a'' could not be found."}}'
+ ''6fe4ef56-7576-4dc4-8e9c-26bad4b087ce'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20085,7 +23167,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:35 GMT
+ - Fri, 06 Dec 2019 22:08:13 GMT
expires:
- '-1'
pragma:
@@ -20111,52 +23193,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Object Access''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditDetailedFileShare":{"type":"String","metadata":{"displayName":"Audit
- Detailed File Share","description":"If this policy setting is enabled, access
- to all shared files and folders on the system is audited. Auditing for Success
- can lead to very high volumes of events."},"allowedValues":["No Auditing","Success","Failure","Success
- and Failure"],"defaultValue":"No Auditing"},"AuditFileShare":{"type":"String","metadata":{"displayName":"Audit
- File Share","description":"Specifies whether to audit events related to file
- shares: creation, deletion, modification, and access attempts. Also, it shows
- failed SMB SPN checks. Event volumes can be high on DCs and File Servers."},"allowedValues":["No
- Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"AuditFileSystem":{"type":"String","metadata":{"displayName":"Audit
- File System","description":"Specifies whether audit events are generated when
- users attempt to access file system objects. Audit events are generated only
- for objects that have configured system access control lists (SACLs)."},"allowedValues":["No
- Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/
guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit
- Detailed File Share;ExpectedValue'', ''='', parameters(''AuditDetailedFileShare''),
- '','', ''Audit File Share;ExpectedValue'', ''='', parameters(''AuditFileShare''),
- '','', ''Audit File System;ExpectedValue'', ''='', parameters(''AuditFileSystem'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesObjectAccess"},"AuditDetailedFileShare":{"value":"[parameters(''AuditDetailedFileShare'')]"},"AuditFileShare":{"value":"[parameters(''AuditFileShare'')]"},"AuditFileSystem":{"value":"[parameters(''AuditFileSystem'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditDetailedFileShare":{"type":"string"},"AuditFileShare":{"type":"string"},"AuditFileSystem":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
- Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
- File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
- File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Microsoft Network Server''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Microsoft Network Server''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce","typ
e":"Microsoft.Authorization/policyDefinitions","name":"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"}'
headers:
cache-control:
- no-cache
content-length:
- - '6566'
+ - '2693'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:35 GMT
+ - Fri, 06 Dec 2019 22:08:14 GMT
expires:
- '-1'
pragma:
@@ -20186,16 +23247,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''8ff0b18b-262e-4512-857a-48ad0aeb9a78'' could not be found."}}'
+ ''7008174a-fd10-4ef0-817e-fc820a951d73'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20204,7 +23265,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:35 GMT
+ - Fri, 06 Dec 2019 22:08:15 GMT
expires:
- '-1'
pragma:
@@ -20230,38 +23291,36 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that do not store passwords using reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not store passwords using reversible encryption. It also creates a
- system-assigned managed identity and deploys the VM extension for Guest Configuration.
- This policy should only be used along with its corresponding audit policy
- in an initiative. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversi
bleEncryption","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"}'
+ string: '{"properties":{"displayName":"Ensure that ''Python version'' is the
+ latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ web apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7008174a-fd10-4ef0-817e-fc820a951d73"}'
headers:
cache-control:
- no-cache
content-length:
- - '5224'
+ - '2110'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:35 GMT
+ - Fri, 06 Dec 2019 22:08:16 GMT
expires:
- '-1'
pragma:
@@ -20291,16 +23350,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''909c958d-1b99-4c74-b88f-46a5c5bc34f9'' could not be found."}}'
+ ''7040a231-fb65-4412-8c0a-b365f4866c24'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20309,7 +23368,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:36 GMT
+ - Fri, 06 Dec 2019 22:08:18 GMT
expires:
- '-1'
pragma:
@@ -20335,156 +23394,10779 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ Windows VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Windows Firewall Properties''.
+ with non-compliant settings in Group Policy category: ''Windows Components''.
It also creates a system-assigned managed identity and deploys the VM extension
for Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Domain): Use profile settings","description":"Specifies whether
- Windows Firewall with Advanced Security uses the settings for the Domain profile
- to filter network traffic. If you select Off, Windows Firewall with Advanced
- Security will not use any of the firewall rules or connection security rules
- for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Domain): Behavior for outbound connections","description":"Specifies
- the behavior for outbound connections for the Domain profile that do not match
- an outbound firewall rule. The default value of 0 means to allow connections,
- and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Domain): Apply local connection security rules","description":"Specifies
- whether local administrators are allowed to create connection security rules
- that apply together with connection security rules configured by Group Policy
- for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Domain): Apply local firewall rules","description":"Specifies whether
- local administrators are allowed to create local firewall rules that apply
- together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Domain): Display notifications","description":"Specifies whether
- Windows Firewall with Advanced Security displays notifications to the user
- when a program is blocked from receiving inbound connections, for the Domain
- profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Private): Use profile settings","description":"Specifies whether
- Windows Firewall with Advanced Security uses the settings for the Private
- profile to filter network traffic. If you select Off, Windows Firewall with
- Advanced Security will not use any of the firewall rules or connection security
- rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Private): Behavior for outbound connections","description":"Specifies
- the behavior for outbound connections for the Private profile that do not
- match an outbound firewall rule. The default value of 0 means to allow connections,
- and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Private): Apply local connection security rules","description":"Specifies
- whether local administrators are allowed to create connection security rules
- that apply together with connection security rules configured by Group Policy
- for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Private): Apply local firewall rules","description":"Specifies whether
- local administrators are allowed to create local firewall rules that apply
- together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Private): Display notifications","description":"Specifies whether
- Windows Firewall with Advanced Security displays notifications to the user
- when a program is blocked from receiving inbound connections, for the Private
- profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Public): Use profile settings","description":"Specifies whether
- Windows Firewall with Advanced Security uses the settings for the Public profile
- to filter network traffic. If you select Off, Windows Firewall with Advanced
- Security will not use any of the firewall rules or connection security rules
- for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Public): Behavior for outbound connections","description":"Specifies
- the behavior for outbound connections for the Public profile that do not match
- an outbound firewall rule. The default value of 0 means to allow connections,
- and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Public): Apply local connection security rules","description":"Specifies
- whether local administrators are allowed to create connection security rules
- that apply together with connection security rules configured by Group Policy
- for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Public): Apply local firewall rules","description":"Specifies whether
- local administrators are allowed to create local firewall rules that apply
- together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
- Firewall (Public): Display notifications","description":"Specifies whether
- Windows Firewall with Advanced Security displays notifications to the user
- when a program is blocked from receiving inbound connections, for the Public
- profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
- Firewall: Domain: Allow unicast response","description":"Specifies whether
- Windows Firewall with Advanced Security permits the local computer to receive
- unicast responses to its outgoing multicast or broadcast messages; for the
- Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
- Firewall: Private: Allow unicast response","description":"Specifies whether
- Windows Firewall with Advanced Security permits the local computer to receive
- unicast responses to its outgoing multicast or broadcast messages; for the
- Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
- Firewall: Public: Allow unicast response","description":"Specifies whether
- Windows Firewall with Advanced Security permits the local computer to receive
- unicast responses to its outgoing multicast or broadcast messages; for the
- Public profile."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equal
s":"[base64(concat(''Windows
- Firewall: Domain: Firewall state;ExpectedValue'', ''='', parameters(''WindowsFirewallDomainUseProfileSettings''),
- '','', ''Windows Firewall: Domain: Outbound connections;ExpectedValue'', ''='',
- parameters(''WindowsFirewallDomainBehaviorForOutboundConnections''), '','',
- ''Windows Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue'',
- ''='', parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules''),
- '','', ''Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue'',
- ''='', parameters(''WindowsFirewallDomainApplyLocalFirewallRules''), '','',
- ''Windows Firewall: Domain: Settings: Display a notification;ExpectedValue'',
- ''='', parameters(''WindowsFirewallDomainDisplayNotifications''), '','', ''Windows
- Firewall: Private: Firewall state;ExpectedValue'', ''='', parameters(''WindowsFirewallPrivateUseProfileSettings''),
- '','', ''Windows Firewall: Private: Outbound connections;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections''),
- '','', ''Windows Firewall: Private: Settings: Apply local connection security
- rules;ExpectedValue'', ''='', parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules''),
- '','', ''Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPrivateApplyLocalFirewallRules''), '','',
- ''Windows Firewall: Private: Settings: Display a notification;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPrivateDisplayNotifications''), '','',
- ''Windows Firewall: Public: Firewall state;ExpectedValue'', ''='', parameters(''WindowsFirewallPublicUseProfileSettings''),
- '','', ''Windows Firewall: Public: Outbound connections;ExpectedValue'', ''='',
- parameters(''WindowsFirewallPublicBehaviorForOutboundConnections''), '','',
- ''Windows Firewall: Public: Settings: Apply local connection security rules;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules''),
- '','', ''Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPublicApplyLocalFirewallRules''), '','',
- ''Windows Firewall: Public: Settings: Display a notification;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPublicDisplayNotifications''), '','', ''Windows
- Firewall: Domain: Allow unicast response;ExpectedValue'', ''='', parameters(''WindowsFirewallDomainAllowUnicastResponse''),
- '','', ''Windows Firewall: Private: Allow unicast response;ExpectedValue'',
- ''='', parameters(''WindowsFirewallPrivateAllowUnicastResponse''), '','',
- ''Windows Firewall: Public: Allow unicast response;ExpectedValue'', ''='',
- parameters(''WindowsFirewallPublicAllowUnicastResponse'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_WindowsFirewallProperties"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[pa
rameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"WindowsFirewallDomainUseProfileSettings":{"type":"string"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"string"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"string"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"string"},"WindowsFirewallDomainDisplayNotifications":{"type":"string"},"WindowsFirewallPrivateUseProfileSettings":{"type":"string"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"string"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"string"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"string"},"WindowsFirewallPrivateDisplayNotifications":{"type":"string"},"WindowsFirewallPublicUseProfileSettings":{"type":"string"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"string"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"string"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"string"},"WindowsFirewallPublicDisplayNotifications":{"type":"string"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"string"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"string"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"string"}},"resources":[{"apiVersion":"2018-11-2
0","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Windows
- Firewall: Domain: Firewall state;ExpectedValue","value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},{"name":"Windows
- Firewall: Domain: Outbound connections;ExpectedValue","value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},{"name":"Windows
- Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue","value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},{"name":"Windows
- Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue","value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},{"name":"Windows
- Firewall: Domain: Settings: Display a notification;ExpectedValue","value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},{"name":"Windows
- Firewall: Private: Firewall state;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},{"name":"Windows
- Firewall: Private: Outbound connections;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},{"name":"Windows
- Firewall: Private: Settings: Apply local connection security rules;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},{"name":"Windows
- Firewall: Private: Settings: Apply local firewall rules;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},{"name":"Windows
- Firewall: Private: Settings: Display a notification;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},{"name":"Windows
- Firewall: Public: Firewall state;ExpectedValue","value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},{"name":"Windows
- Firewall: Public: Outbound connections;ExpectedValue","value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},{"name":"Windows
- Firewall: Public: Settings: Apply local connection security rules;ExpectedValue","value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},{"name":"Windows
- Firewall: Public: Settings: Apply local firewall rules;ExpectedValue","value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},{"name":"Windows
- Firewall: Public: Settings: Display a notification;ExpectedValue","value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},{"name":"Windows
- Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
- Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
- Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"}'
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"SendFileSamplesWhenFurtherAnalysisIsRequired":{"type":"String","metadata":{"displayName":"Send
+ file samples when further analysis is required","description":"Specifies whether
+ and how Windows Defender will submit samples of suspected malware to Microsoft
+ for further analysis when opt-in for MAPS telemetry is set."},"defaultValue":"1"},"AllowIndexingOfEncryptedFiles":{"type":"String","metadata":{"displayName":"Allow
+ indexing of encrypted files","description":"Specifies whether encrypted items
+ are allowed to be indexed."},"defaultValue":"0"},"AllowTelemetry":{"type":"String","metadata":{"displayName":"Allow
+ Telemetry","description":"Specifies configuration of the amount of diagnostic
+ and usage data reported to Microsoft. The data is transmitted securely and
+ sensitive data is not sent."},"defaultValue":"2"},"AllowUnencryptedTraffic":{"type":"String","metadata":{"displayName":"Allow
+ unencrypted traffic","description":"Specifies whether the Windows Remote Management
+ (WinRM) service sends and receives unencrypted messages over the network."},"defaultValue":"0"},"AlwaysInstallWithElevatedPrivileges":{"type":"String","metadata":{"displayName":"Always
+ install with elevated privileges","description":"Specifies whether Windows
+ Installer should use system permissions when it installs any program on the
+ system."},"defaultValue":"0"},"AlwaysPromptForPasswordUponConnection":{"type":"String","metadata":{"displayName":"Always
+ prompt for password upon connection","description":"Specifies whether Terminal
+ Services/Remote Desktop Connection always prompts the client computer for
+ a password upon connection."},"defaultValue":"1"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Application:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the Application event log in kilobytes."},"defaultValue":"32768"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"type":"String","metadata":{"displayName":"Automatically
+ send memory dumps for OS-generated error reports","description":"Specifies
+ if memory dumps in support of OS-generated error reports can be sent to Microsoft
+ automatically."},"defaultValue":"1"},"ConfigureDefaultConsent":{"type":"String","metadata":{"displayName":"Configure
+ Default consent","description":"Specifies setting of the default consent handling
+ for error reports sent to Microsoft."},"defaultValue":"4"},"ConfigureWindowsSmartScreen":{"type":"String","metadata":{"displayName":"Configure
+ Windows SmartScreen","description":"Specifies how to manage the behavior of
+ Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users
+ before running unrecognized programs downloaded from the Internet. Some information
+ is sent to Microsoft about files and programs run on PCs with this feature
+ enabled."},"defaultValue":"1"},"DisallowDigestAuthentication":{"type":"String","metadata":{"displayName":"Disallow
+ Digest authentication","description":"Specifies whether the Windows Remote
+ Management (WinRM) client will not use Digest authentication."},"defaultValue":"0"},"DisallowWinRMFromStoringRunAsCredentials":{"type":"String","metadata":{"displayName":"Disallow
+ WinRM from storing RunAs credentials","description":"Specifies whether the
+ Windows Remote Management (WinRM) service will not allow RunAs credentials
+ to be stored for any plug-ins."},"defaultValue":"1"},"DoNotAllowPasswordsToBeSaved":{"type":"String","metadata":{"displayName":"Do
+ not allow passwords to be saved","description":"Specifies whether to prevent
+ Remote Desktop Services - Terminal Services clients from saving passwords
+ on a computer."},"defaultValue":"1"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Security:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the Security event log in kilobytes."},"defaultValue":"196608"},"SetClientConnectionEncryptionLevel":{"type":"String","metadata":{"displayName":"Set
+ client connection encryption level","description":"Specifies whether to require
+ the use of a specific encryption level to secure communications between client
+ computers and RD Session Host servers during Remote Desktop Protocol (RDP)
+ connections. This policy only applies when you are using native RDP encryption."},"defaultValue":"3"},"SetTheDefaultBehaviorForAutoRun":{"type":"String","metadata":{"displayName":"Set
+ the default behavior for AutoRun","description":"Specifies the default behavior
+ for Autorun commands. Autorun commands are generally stored in autorun.inf
+ files. They often launch the installation program or other routines."},"defaultValue":"1"},"SetupSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"Setup:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the Setup event log in kilobytes."},"defaultValue":"32768"},"SystemSpecifyTheMaximumLogFileSizeKB":{"type":"String","metadata":{"displayName":"System:
+ Specify the maximum log file size (KB)","description":"Specifies the maximum
+ size for the System event log in kilobytes."},"defaultValue":"32768"},"TurnOffDataExecutionPreventionForExplorer":{"type":"String","metadata":{"displayName":"Turn
+ off Data Execution Prevention for Explorer","description":"Specifies whether
+ to turn off Data Execution Prevention for Windows File Explorer. Disabling
+ data execution prevention can allow certain legacy plug-in applications to
+ function without terminating Explorer."},"defaultValue":"0"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"type":"String","metadata":{"displayName":"Specify
+ the interval to check for definition updates","description":"Specifies an
+ interval at which to check for Windows Defender definition updates. The time
+ value is represented as the number of hours between update checks."},"defaultValue":"8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestCon
figurationAssignments/parameterHash","equals":"[base64(concat(''Send
+ file samples when further analysis is required;ExpectedValue'', ''='', parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired''),
+ '','', ''Allow indexing of encrypted files;ExpectedValue'', ''='', parameters(''AllowIndexingOfEncryptedFiles''),
+ '','', ''Allow Telemetry;ExpectedValue'', ''='', parameters(''AllowTelemetry''),
+ '','', ''Allow unencrypted traffic;ExpectedValue'', ''='', parameters(''AllowUnencryptedTraffic''),
+ '','', ''Always install with elevated privileges;ExpectedValue'', ''='', parameters(''AlwaysInstallWithElevatedPrivileges''),
+ '','', ''Always prompt for password upon connection;ExpectedValue'', ''='',
+ parameters(''AlwaysPromptForPasswordUponConnection''), '','', ''Application:
+ Specify the maximum log file size (KB);ExpectedValue'', ''='', parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB''),
+ '','', ''Automatically send memory dumps for OS-generated error reports;ExpectedValue'',
+ ''='', parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports''),
+ '','', ''Configure Default consent;ExpectedValue'', ''='', parameters(''ConfigureDefaultConsent''),
+ '','', ''Configure Windows SmartScreen;ExpectedValue'', ''='', parameters(''ConfigureWindowsSmartScreen''),
+ '','', ''Disallow Digest authentication;ExpectedValue'', ''='', parameters(''DisallowDigestAuthentication''),
+ '','', ''Disallow WinRM from storing RunAs credentials;ExpectedValue'', ''='',
+ parameters(''DisallowWinRMFromStoringRunAsCredentials''), '','', ''Do not
+ allow passwords to be saved;ExpectedValue'', ''='', parameters(''DoNotAllowPasswordsToBeSaved''),
+ '','', ''Security: Specify the maximum log file size (KB);ExpectedValue'',
+ ''='', parameters(''SecuritySpecifyTheMaximumLogFileSizeKB''), '','', ''Set
+ client connection encryption level;ExpectedValue'', ''='', parameters(''SetClientConnectionEncryptionLevel''),
+ '','', ''Set the default behavior for AutoRun;ExpectedValue'', ''='', parameters(''SetTheDefaultBehaviorForAutoRun''),
+ '','', ''Setup: Specify the maximum log file size (KB);ExpectedValue'', ''='',
+ parameters(''SetupSpecifyTheMaximumLogFileSizeKB''), '','', ''System: Specify
+ the maximum log file size (KB);ExpectedValue'', ''='', parameters(''SystemSpecifyTheMaximumLogFileSizeKB''),
+ '','', ''Turn off Data Execution Prevention for Explorer;ExpectedValue'',
+ ''='', parameters(''TurnOffDataExecutionPreventionForExplorer''), '','', ''Specify
+ the interval to check for definition updates;ExpectedValue'', ''='', parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_WindowsComponents"},"SendFileSamplesWhenFurtherAnalysisIsRequired":{"value":"[parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired'')]"},"AllowIndexingOfEncryptedFiles":{"value":"[parameters(''AllowIndexingOfEncryptedFiles'')]"},"AllowTelemetry":{"value":"[parameters(''AllowTelemetry'')]"},"AllowUnencryptedTraffic":{"value":"[parameters(''AllowUnencryptedTraffic'')]"},"AlwaysInstallWithElevatedPrivileges":{"value":"[parameters(''AlwaysInstallWithElevatedPrivileges'')]"},"AlwaysPromptForPasswordUponConnection":{"value":"[parameters(''AlwaysPromptForPasswordUponConnection'')]"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB'')]"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"value":"[parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'')]"},"ConfigureDefaultConsent":{"value":"[parameters(''ConfigureDefaultConsent'')]"},"ConfigureWindowsSmartScreen":{"value":"[parameters(''ConfigureWindowsSmartScreen'')]"},"DisallowDigestAuthentication":{"value":"[parameters(''DisallowDigestAuthentication'')]"},"DisallowWinRMFromStoringRunAsCredentials":{"value":"[parameters(''DisallowWinRMFromStoringRunAsCredentials'')]"},"DoNotAllowPasswordsToBeSaved":{"value":"[parameters(''DoNotAllowPasswordsToBeSaved'')]"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SecuritySpecifyTheMaximumLogFileSizeKB'')]"},"SetClientConnectionEncryptionLevel":{"value":"[parameters(''SetClientConnectionEncryptionLevel'')]"},"SetTheDefaultBehaviorForAutoRun":{"value":"[parameters(''SetTheDefaultBehaviorForAutoRun'')]"},"SetupSpecifyTheMaximumLogFileSizeKB":{"value":"[parame
ters(''SetupSpecifyTheMaximumLogFileSizeKB'')]"},"SystemSpecifyTheMaximumLogFileSizeKB":{"value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},"TurnOffDataExecutionPreventionForExplorer":{"value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"SendFileSamplesWhenFurtherAnalysisIsRequired":{"type":"string"},"AllowIndexingOfEncryptedFiles":{"type":"string"},"AllowTelemetry":{"type":"string"},"AllowUnencryptedTraffic":{"type":"string"},"AlwaysInstallWithElevatedPrivileges":{"type":"string"},"AlwaysPromptForPasswordUponConnection":{"type":"string"},"ApplicationSpecifyTheMaximumLogFileSizeKB":{"type":"string"},"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports":{"type":"string"},"ConfigureDefaultConsent":{"type":"string"},"ConfigureWindowsSmartScreen":{"type":"string"},"DisallowDigestAuthentication":{"type":"string"},"DisallowWinRMFromStoringRunAsCredentials":{"type":"string"},"DoNotAllowPasswordsToBeSaved":{"type":"string"},"SecuritySpecifyTheMaximumLogFileSizeKB":{"type":"string"},"SetClientConnectionEncryptionLevel":{"type":"string"},"SetTheDefaultBehaviorForAutoRun":{"type":"string"},"SetupSpecifyTheMaximumLogFileSizeKB":{"type":"string"},"SystemSpecifyTheMaximumLogFileSizeKB":{"type":"string"},"TurnOffDataExecutionPreventionForExplorer":{"type":"string"},"SpecifyTheIntervalToCheckForDefinitionUpdates":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Send
+ file samples when further analysis is required;ExpectedValue","value":"[parameters(''SendFileSamplesWhenFurtherAnalysisIsRequired'')]"},{"name":"Allow
+ indexing of encrypted files;ExpectedValue","value":"[parameters(''AllowIndexingOfEncryptedFiles'')]"},{"name":"Allow
+ Telemetry;ExpectedValue","value":"[parameters(''AllowTelemetry'')]"},{"name":"Allow
+ unencrypted traffic;ExpectedValue","value":"[parameters(''AllowUnencryptedTraffic'')]"},{"name":"Always
+ install with elevated privileges;ExpectedValue","value":"[parameters(''AlwaysInstallWithElevatedPrivileges'')]"},{"name":"Always
+ prompt for password upon connection;ExpectedValue","value":"[parameters(''AlwaysPromptForPasswordUponConnection'')]"},{"name":"Application:
+ Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''ApplicationSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Automatically
+ send memory dumps for OS-generated error reports;ExpectedValue","value":"[parameters(''AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'')]"},{"name":"Configure
+ Default consent;ExpectedValue","value":"[parameters(''ConfigureDefaultConsent'')]"},{"name":"Configure
+ Windows SmartScreen;ExpectedValue","value":"[parameters(''ConfigureWindowsSmartScreen'')]"},{"name":"Disallow
+ Digest authentication;ExpectedValue","value":"[parameters(''DisallowDigestAuthentication'')]"},{"name":"Disallow
+ WinRM from storing RunAs credentials;ExpectedValue","value":"[parameters(''DisallowWinRMFromStoringRunAsCredentials'')]"},{"name":"Do
+ not allow passwords to be saved;ExpectedValue","value":"[parameters(''DoNotAllowPasswordsToBeSaved'')]"},{"name":"Security:
+ Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SecuritySpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Set
+ client connection encryption level;ExpectedValue","value":"[parameters(''SetClientConnectionEncryptionLevel'')]"},{"name":"Set
+ the default behavior for AutoRun;ExpectedValue","value":"[parameters(''SetTheDefaultBehaviorForAutoRun'')]"},{"name":"Setup:
+ Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SetupSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"System:
+ Specify the maximum log file size (KB);ExpectedValue","value":"[parameters(''SystemSpecifyTheMaximumLogFileSizeKB'')]"},{"name":"Turn
+ off Data Execution Prevention for Explorer;ExpectedValue","value":"[parameters(''TurnOffDataExecutionPreventionForExplorer'')]"},{"name":"Specify
+ the interval to check for definition updates;ExpectedValue","value":"[parameters(''SpecifyTheIntervalToCheckForDefinitionUpdates'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24","type":"Microsoft.Authorization/policyDefinitions","name":"7040a231-fb65-4412-8c0a-b365f4866c24"}'
headers:
cache-control:
- no-cache
content-length:
- - '20256'
+ - '18346'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7066131b-61a6-4917-a7e4-72e8983f0aa6'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:21 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''System Audit Policies - System''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - System''. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6","type":"Microsof
t.Authorization/policyDefinitions","name":"7066131b-61a6-4917-a7e4-72e8983f0aa6"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2655'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:22 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7227ebe5-9ff7-47ab-b823-171cd02fb90f'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs on which the DSC configuration is not compliant","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows VMs on which the Desired State Configuration (DSC) configuration
+ is not compliant. This policy is only applicable to machines with WMF 4 and
+ above. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","existenceCondition":{"field":"Microsoft.GuestConfiguration/g
uestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f","type":"Microsoft.Authorization/policyDefinitions","name":"7227ebe5-9ff7-47ab-b823-171cd02fb90f"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2829'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7229bd6a-693d-478a-87f0-1dc1af06f3b8'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:25 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Administrative Templates - Network''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Administrative Templates - Network''. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8","type":"Mic
rosoft.Authorization/policyDefinitions","name":"7229bd6a-693d-478a-87f0-1dc1af06f3b8"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2668'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:26 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7238174a-fd10-4ef0-817e-fc820a951d73'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:29 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''Python version'' is the
+ latest, if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73","type":"Microsoft.Authorization/policyDefinitions","name":"7238174a-fd10-4ef0-817e-fc820a951d73"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2128'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:30 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7261b898-8a84-4db8-9e04-18527132abb3'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''PHP version'' is the latest,
+ if used as a part of the WEB app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for web
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3","type":"Microsoft.Authorization/policyDefinitions","name":"7261b898-8a84-4db8-9e04-18527132abb3"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1856'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''726671ac-c4de-4908-8c7d-6043ae62e3b6'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:35 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that allow re-use of the previous 24 passwords. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24
c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '5244'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:36 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''726aca4c-86e9-4b04-b0c5-073027359532'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:37 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Add a tag to resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ the specified tag and value when any resource group missing this tag is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task. If the tag exists with a different value it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532","type":"Microsoft.Authorization/policyDefinitions","name":"726aca4c-86e9-4b04-b0c5-073027359532"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1297'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:38 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7433c107-6db4-4ad1-b57a-a76dce0154a1'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:40 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy enables you to specify a set of storage account SKUs that your organization
+ can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
+ list of SKUs that can be specified for storage accounts.","displayName":"Allowed
+ SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '866'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:41 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''74c3584d-afae-46f7-a20a-6f8adba71a16'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''Python version'' is the
+ latest, if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Python software either due to security flaws
+ or to include additional functionality. Using the latest Python version for
+ Api apps is recommended in order to to take advantage of security fixes, if
+ any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"WindowsPythonLatestVersion":{"type":"String","metadata":{"displayName":"Windows
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.6"},"LinuxPythonLatestVersion":{"type":"String","metadata":{"displayName":"Linux
+ Latest Python version","description":"Latest supported Python version for
+ App Services"},"defaultValue":"3.8"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PYTHON"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PYTHON|'',
+ parameters(''LinuxPythonLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.pythonVersion","equals":"[parameters(''WindowsPythonLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16","type":"Microsoft.Authorization/policyDefinitions","name":"74c3584d-afae-46f7-a20a-6f8adba71a16"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2110'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''752c6934-9bcc-4749-b004-655e676ae2ac'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Audit enabling of diagnostic
+ logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit
+ enabling of diagnostic logs on the app. This enables you to recreate activity
+ trails for investigation purposes if a security incident occurs or your network
+ is compromised","metadata":{"category":"App Service","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1209'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''760a85ff-6162-42b3-8d70-698e268f648c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:47 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Vulnerabilities should be remediated
+ by a Vulnerability Assessment solution","policyType":"BuiltIn","mode":"All","description":"Monitors
+ vulnerabilities detected by Vulnerability Assessment solution and VMs without
+ a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1159'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:48 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''765266ab-e40e-4c61-bcb2-5a5275d0b7c0'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:49 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for
+ Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy
+ Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list
+ defined and the agent is not installed. Note: if your scale set upgradePolicy
+ is set to Manual, you need to apply the extension to the all VMs in the set
+ by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"exi
stenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''),
+ ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '4223'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:50 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''76bed37b-484f-430f-a009-fd7592dff818'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:52 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Audit delegation of scopes to a managing
+ tenant","policyType":"BuiltIn","mode":"All","description":"Audit delegation
+ of scopes to a managing tenant via Azure Lighthouse.","metadata":{"category":"Lighthouse"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ManagedServices/registrationAssignments"},{"value":"true","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818","type":"Microsoft.Authorization/policyDefinitions","name":"76bed37b-484f-430f-a009-fd7592dff818"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '819'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:52 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7796937f-307b-4598-941c-67d3a05ebfe7'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Azure subscriptions should have a log
+ profile for Activity Log","policyType":"BuiltIn","mode":"All","description":"This
+ policy ensures if a log profile is enabled for exporting activity logs. It
+ audits if there is no log profile created to export the logs either to a storage
+ account or to an event hub.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"field":"Microsoft.Insights/logProfiles/categories","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7","type":"Microsoft.Authorization/policyDefinitions","name":"7796937f-307b-4598-941c-67d3a05ebfe7"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1057'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7a031c68-d6ab-406e-a506-697a19c634b0'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:56 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ Server VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows Server virtual
+ machines on which Windows Serial Console is not enabled. It also creates a
+ system-assigned managed identity and deploys the VM extension for Guest Configuration.
+ This policy should only be used along with its corresponding audit policy
+ in an initiative. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"EMSPortNumber":{"type":"String","metadata":{"displayName":"EMS
+ Port Number","description":"An integer indicating the COM port to be used
+ for the Emergency Management Services (EMS) console redirection. For more
+ information on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["1","2","3","4"],"defaultValue":"1"},"EMSBaudRate":{"type":"String","metadata":{"displayName":"EMS
+ Baud Rate","description":"An integer indicating the baud rate to be used for
+ the Emergency Management Services (EMS) console redirection. For more information
+ on EMS settings, please visit https://aka.ms/gcpolwsc"},"allowedValues":["9600","19200","38400","57600","115200"],"defaultValue":"115200"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerial
Console","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber'',
+ ''='', parameters(''EMSPortNumber''), '','', ''[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate'',
+ ''='', parameters(''EMSBaudRate'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsSerialConsole"},"EMSPortNumber":{"value":"[parameters(''EMSPortNumber'')]"},"EMSBaudRate":{"value":"[parameters(''EMSBaudRate'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"EMSPortNumber":{"type":"string"},"EMSBaudRate":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber","value":"[parameters(''EMSPortNumber'')]"},{"name":"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate","value":"[parameters(''EMSBaudRate'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0","type":"Microsoft.Authorization/policyDefinitions","name":"7a031c68-d6ab-406e-a506-697a19c634b0"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6931'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:57 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7c1b1214-f927-48bf-8882-84f0af6588b1'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:58 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Diagnostic logs in Virtual Machine Scale
+ Sets should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"It
+ is recommended to enable Logs so that activity trail can be recreated when
+ investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"IaaSDiagnostics"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Diagnostics"}]},{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"LinuxDiagnostic"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.OSTCExtensions"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","type":"Microsoft.Authorization/policyDefinitions","name":"7c1b1214-f927-48bf-8882-84f0af6588b1"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1436'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:08:59 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:01 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Require blob encryption
+ for storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures blob encryption for storage accounts is turned on. It only
+ applies to Microsoft.Storage resource types, not other storage providers.
+ This policy is deprecated because storage blob encryption is now enabled by
+ default, and can no longer be disabled.","metadata":{"category":"Storage","deprecated":true},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '881'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:02 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7e56b49b-5990-4159-a734-511ea19b731c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:03 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs that
+ have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that have the specified applications installed.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c","type":"Microsoft.Authorization/policyDefinitions","name":"7e56b49b-5990-4159-a734-511ea19b731c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2734'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7e84ba44-6d03-46fd-950e-5efa5a1112fa'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:05 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that have not restarted within the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that have not restarted within the specified
+ number of days. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","existenceCondition":{"field":"Microsoft.GuestConfigurati
on/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa","type":"Microsoft.Authorization/policyDefinitions","name":"7e84ba44-6d03-46fd-950e-5efa5a1112fa"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2769'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:06 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:08 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that do not have the password complexity setting enabled","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that do not have the password complexity setting enabled. It also creates
+ a system-assigned managed identity and deploys the VM extension for Guest
+ Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '5296'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:09 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:10 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''System Audit Policies - Privilege Use''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - Privilege Use''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c","type":"Mi
crosoft.Authorization/policyDefinitions","name":"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2675'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7f89b1eb-583c-429a-8828-af049802c1d9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:12 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit
+ diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource
+ Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '890'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:13 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''7ff426e2-515f-405a-91c8-4f2333442eb5'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"SQL Auditing settings should have Action-Groups
+ configured to capture critical activities","policyType":"BuiltIn","mode":"Indexed","description":"The
+ AuditActionsAndGroups property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+ FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough
+ audit logging","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"allOf":[{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"FAILED_DATABASE_AUTHENTICATION_GROUP"}},{"not":{"field":"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]","notEquals":"BATCH_COMPLETED_GROUP"}}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5","type":"Microsoft.Authorization/policyDefinitions","name":"7ff426e2-515f-405a-91c8-4f2333442eb5"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1437'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:15 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''815dcc9f-6662-43f2-9a03-1b83e9876f24'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:17 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''User Rights Assignment''.
+ It also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"Users
+ or groups that may access this computer from the network","description":"Specifies
+ which remote users on the network are permitted to connect to the computer.
+ This does not include Remote Desktop Connection."},"defaultValue":"Administrators,
+ Authenticated Users"},"UsersOrGroupsThatMayLogOnLocally":{"type":"String","metadata":{"displayName":"Users
+ or groups that may log on locally","description":"Specifies which users or
+ groups can interactively log on to the computer. Users who attempt to log
+ on via Remote Desktop Connection or IIS also require this user right."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"type":"String","metadata":{"displayName":"Users
+ or groups that may log on through Remote Desktop Services","description":"Specifies
+ which users or groups are permitted to log on as a Terminal Services client,
+ Remote Desktop, or for Remote Assistance."},"defaultValue":"Administrators,
+ Remote Desktop Users"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied access to this computer from the network","description":"Specifies
+ which users or groups are explicitly prohibited from connecting to the computer
+ across the network."},"defaultValue":"Guests"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"type":"String","metadata":{"displayName":"Users
+ or groups that may manage auditing and security log","description":"Specifies
+ users and groups permitted to change the auditing options for files and directories
+ and clear the Security log."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"type":"String","metadata":{"displayName":"Users
+ or groups that may back up files and directories","description":"Specifies
+ users and groups allowed to circumvent file and directory permissions to back
+ up the system."},"defaultValue":"Administrators, Backup Operators"},"UsersOrGroupsThatMayChangeTheSystemTime":{"type":"String","metadata":{"displayName":"Users
+ or groups that may change the system time","description":"Specifies which
+ users and groups are permitted to change the time and date on the internal
+ clock of the computer."},"defaultValue":"Administrators, LOCAL SERVICE"},"UsersOrGroupsThatMayChangeTheTimeZone":{"type":"String","metadata":{"displayName":"Users
+ or groups that may change the time zone","description":"Specifies which users
+ and groups are permitted to change the time zone of the computer."},"defaultValue":"Administrators,
+ LOCAL SERVICE"},"UsersOrGroupsThatMayCreateATokenObject":{"type":"String","metadata":{"displayName":"Users
+ or groups that may create a token object","description":"Specifies which users
+ and groups are permitted to create an access token, which may provide elevated
+ rights to access sensitive data."},"defaultValue":"No One"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied logging on as a batch job","description":"Specifies
+ which users and groups are explicitly not permitted to log on to the computer
+ as a batch job (i.e. scheduled task)."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied logging on as a service","description":"Specifies
+ which service accounts are explicitly not permitted to register a process
+ as a service."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLocalLogon":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied local logon","description":"Specifies which users
+ and groups are explicitly not permitted to log on to the computer."},"defaultValue":"Guests"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"type":"String","metadata":{"displayName":"Users
+ and groups that are denied log on through Remote Desktop Services","description":"Specifies
+ which users and groups are explicitly not permitted to log on to the computer
+ via Terminal Services/Remote Desktop Client."},"defaultValue":"Guests"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"type":"String","metadata":{"displayName":"User
+ and groups that may force shutdown from a remote system","description":"Specifies
+ which users and groups are permitted to shut down the computer from a remote
+ location on the network."},"defaultValue":"Administrators"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"type":"String","metadata":{"displayName":"Users
+ and groups that may restore files and directories","description":"Specifies
+ which users and groups are permitted to bypass file, directory, registry,
+ and other persistent object permissions when restoring backed up files and
+ directories."},"defaultValue":"Administrators, Backup Operators"},"UsersAndGroupsThatMayShutDownTheSystem":{"type":"String","metadata":{"displayName":"Users
+ and groups that may shut down the system","description":"Specifies which users
+ and groups who are logged on locally to the computers in your environment
+ are permitted to shut down the operating system with the Shut Down command."},"defaultValue":"Administrators"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"type":"String","metadata":{"displayName":"Users
+ or groups that may take ownership of files or other objects","description":"Specifies
+ which users and groups are permitted to take ownership of files, folders,
+ registry keys, processes, or threads. This user right bypasses any permissions
+ that are in place to protect objects to give ownership to the specified user."},"defaultValue":"Administrators"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_UserRightsAssignment","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.
GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Access
+ this computer from the network;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork''),
+ '','', ''Allow log on locally;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayLogOnLocally''),
+ '','', ''Allow log on through Remote Desktop Services;ExpectedValue'', ''='',
+ parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices''), '','',
+ ''Deny access to this computer from the network;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork''),
+ '','', ''Manage auditing and security log;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog''),
+ '','', ''Back up files and directories;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories''),
+ '','', ''Change the system time;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayChangeTheSystemTime''),
+ '','', ''Change the time zone;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayChangeTheTimeZone''),
+ '','', ''Create a token object;ExpectedValue'', ''='', parameters(''UsersOrGroupsThatMayCreateATokenObject''),
+ '','', ''Deny log on as a batch job;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob''),
+ '','', ''Deny log on as a service;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService''),
+ '','', ''Deny log on locally;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatAreDeniedLocalLogon''),
+ '','', ''Deny log on through Remote Desktop Services;ExpectedValue'', ''='',
+ parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices''),
+ '','', ''Force shutdown from a remote system;ExpectedValue'', ''='', parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem''),
+ '','', ''Restore files and directories;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories''),
+ '','', ''Shut down the system;ExpectedValue'', ''='', parameters(''UsersAndGroupsThatMayShutDownTheSystem''),
+ '','', ''Take ownership of files or other objects;ExpectedValue'', ''='',
+ parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_UserRightsAssignment"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},"UsersOrGroupsThatMayLogOnLocally":{"value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},"UsersOrGroupsThatMayChangeTheSystemTime":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},"UsersOrGroupsThatMayChangeTheTimeZone":{"value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},"UsersOrGroupsThatMayCreateATokenObject":{"value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},"UsersAndGroupsThatAreDeniedLocalLogon":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"value":"[parameters('
'UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},"UsersAndGroupsThatMayShutDownTheSystem":{"value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork":{"type":"string"},"UsersOrGroupsThatMayLogOnLocally":{"type":"string"},"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices":{"type":"string"},"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork":{"type":"string"},"UsersOrGroupsThatMayManageAuditingAndSecurityLog":{"type":"string"},"UsersOrGroupsThatMayBackUpFilesAndDirectories":{"type":"string"},"UsersOrGroupsThatMayChangeTheSystemTime":{"type":"string"},"UsersOrGroupsThatMayChangeTheTimeZone":{"type":"string"},"UsersOrGroupsThatMayCreateATokenObject":{"type":"string"},"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob":{"type":"string"},"UsersAndGroupsThatAreDeniedLoggingOnAsAService":{"type":"string"},"UsersAndGroupsThatAreDeniedLocalLogon":{"type":"string"},"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices":{"type":"string"},"UserAndGroupsThatMayForceShutdownFromARemoteSystem":{"type":"string"},"UsersAndGroupsThatMayRestoreFilesAndDirectories":{"type":"string"},"UsersAndGroupsThatMayShutDownTheSystem":{"type":"string"},"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Access
+ this computer from the network;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'')]"},{"name":"Allow
+ log on locally;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayLogOnLocally'')]"},{"name":"Allow
+ log on through Remote Desktop Services;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'')]"},{"name":"Deny
+ access to this computer from the network;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'')]"},{"name":"Manage
+ auditing and security log;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayManageAuditingAndSecurityLog'')]"},{"name":"Back
+ up files and directories;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayBackUpFilesAndDirectories'')]"},{"name":"Change
+ the system time;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayChangeTheSystemTime'')]"},{"name":"Change
+ the time zone;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayChangeTheTimeZone'')]"},{"name":"Create
+ a token object;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayCreateATokenObject'')]"},{"name":"Deny
+ log on as a batch job;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'')]"},{"name":"Deny
+ log on as a service;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLoggingOnAsAService'')]"},{"name":"Deny
+ log on locally;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLocalLogon'')]"},{"name":"Deny
+ log on through Remote Desktop Services;ExpectedValue","value":"[parameters(''UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'')]"},{"name":"Force
+ shutdown from a remote system;ExpectedValue","value":"[parameters(''UserAndGroupsThatMayForceShutdownFromARemoteSystem'')]"},{"name":"Restore
+ files and directories;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayRestoreFilesAndDirectories'')]"},{"name":"Shut
+ down the system;ExpectedValue","value":"[parameters(''UsersAndGroupsThatMayShutDownTheSystem'')]"},{"name":"Take
+ ownership of files or other objects;ExpectedValue","value":"[parameters(''UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24","type":"Microsoft.Authorization/policyDefinitions","name":"815dcc9f-6662-43f2-9a03-1b83e9876f24"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '17711'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:18 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''82339799-d096-41ae-8538-b108becf0970'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Geo-redundant backup should be enabled
+ for Azure Database for MySQL","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure Database for MySQL with geo-redundant backup not enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970","type":"Microsoft.Authorization/policyDefinitions","name":"82339799-d096-41ae-8538-b108becf0970"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '896'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''83a214f7-d01a-484b-91a9-ed54470c9a6a'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:21 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Diagnostic logs in Event Hub should be
+ enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Event Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1782'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:22 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''83a86a26-fd1f-447c-b59d-e51f44264114'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Network interfaces should not have public
+ IPs","policyType":"BuiltIn","mode":"Indexed","description":"This policy denies
+ the network interfaces which are configured with any public IP. Public IP
+ addresses allow internet resources to communicate inbound to Azure resources,
+ and Azure resources to communicate outbound to the internet. This should be
+ reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id","notLike":"*"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114","type":"Microsoft.Authorization/policyDefinitions","name":"83a86a26-fd1f-447c-b59d-e51f44264114"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '894'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''843664e0-7563-41ee-a9cb-7522c382d2c4'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:26 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''.Net Framework'' version
+ is the latest, if used as a part of the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4","type":"Microsoft.Authorization/policyDefinitions","name":"843664e0-7563-41ee-a9cb-7522c382d2c4"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1248'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:26 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''86880e5c-df35-43c5-95ad-7e120635775e'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:29 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Microsoft Network Server''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Microsoft Network Server''. It also creates a system-assigned managed identity
+ and deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmNam
e":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsMicrosoftNetworkServer"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e","type":"Microsoft.Authorization/policyDefinitions","name":"86880e5c-df35-43c5-95ad-7e120635775e"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '4418'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:29 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''86a912f6-9a06-4e26-b447-11b16ba8659f'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:30 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables
+ transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''),
+ ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1385'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:31 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''86b3d65f-7626-441e-b690-81a8b71cff60'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"System updates should be installed on
+ your machines","policyType":"BuiltIn","mode":"All","description":"Missing
+ security system updates on your servers will be monitored by Azure Security
+ Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1067'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''86d97760-d216-4d81-a3ad-163087b2b6c3'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:35 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that Register with Azure Active
+ Directory is enabled on API app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3","type":"Microsoft.Authorization/policyDefinitions","name":"86d97760-d216-4d81-a3ad-163087b2b6c3"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1245'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:36 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''871b6d14-10aa-478d-b590-94f262ecfa99'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:38 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Require specified tag","policyType":"BuiltIn","mode":"Indexed","description":"Enforces
+ existence of a tag. Does not apply to resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99","type":"Microsoft.Authorization/policyDefinitions","name":"871b6d14-10aa-478d-b590-94f262ecfa99"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '655'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:39 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''87b590fe-4a1d-4697-ae74-d4fe72ab786c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:40 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Administrative Templates - Control Panel''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Administrative Templates - Control Panel''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c","type"
:"Microsoft.Authorization/policyDefinitions","name":"87b590fe-4a1d-4697-ae74-d4fe72ab786c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2685'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:41 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''884b209a-963b-4520-8006-d20cb3c213e0'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Linux VMs
+ that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Linux virtual machines
+ that have the specified applications installed. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
+ names","description":"A semicolon-separated list of the names of the applications
+ that should not be installed. e.g. ''python; powershell''"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher
","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"not_installed_application_linux","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent'',
+ ''='', concat(''packages: ['', replace(parameters(''ApplicationName''), '';'',
+ '',''), '']'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"not_installed_application_linux"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent","value":"[concat(''packages:
+ ['', replace(parameters(''ApplicationName''), '';'', '',''), '']'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0","type":"Microsoft.Authorization/policyDefinitions","name":"884b209a-963b-4520-8006-d20cb3c213e0"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6702'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''88999f4c-376a-45c8-bcb3-4058f713cf39'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''Java version'' is the latest,
+ if used as a part of the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java either due to security flaws or to include
+ additional functionality. Using the latest Python version for Api apps is
+ recommended in order to to take advantage of security fixes, if any, and/or
+ new functionalities of the latest version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39","type":"Microsoft.Authorization/policyDefinitions","name":"88999f4c-376a-45c8-bcb3-4058f713cf39"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1866'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:47 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''88c0b9da-ce96-4b03-9635-f29a937e2900'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:48 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Network interfaces should disable IP
+ forwarding","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ denies the network interfaces which enabled IP forwarding. The setting of
+ IP forwarding disables Azure''s check of the source and destination for a
+ network interface. This should be reviewed by the network security team.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"field":"Microsoft.Network/networkInterfaces/enableIpForwarding","equals":"true"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900","type":"Microsoft.Authorization/policyDefinitions","name":"88c0b9da-ce96-4b03-9635-f29a937e2900"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '816'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:49 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''89099bee-89e0-4b26-a5f4-165451757743'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:51 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"SQL servers should be configured with
+ auditing retention days greater than 90 days.","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ SQL servers configured with an auditing retention period of less than 90 days.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/auditingSettings/retentionDays","greater":90}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743","type":"Microsoft.Authorization/policyDefinitions","name":"89099bee-89e0-4b26-a5f4-165451757743"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '992'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:52 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8a39d1f1-5513-4628-b261-f469a5a3341b'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - System settings''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - System settings''. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsSystemsettings","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b","type":"Micr
osoft.Authorization/policyDefinitions","name":"8a39d1f1-5513-4628-b261-f469a5a3341b"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2667'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8b0de57a-f511-4d45-a277-17cb79cb163b'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:56 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs with
+ a pending reboot","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with a pending reboot. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals"
:"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b","type":"Microsoft.Authorization/policyDefinitions","name":"8b0de57a-f511-4d45-a277-17cb79cb163b"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2681'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:57 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8bbd627e-4d25-4906-9a6e-3789780af3ec'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:58 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Windows Firewall Properties''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec","type":"Microsof
t.Authorization/policyDefinitions","name":"8bbd627e-4d25-4906-9a6e-3789780af3ec"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2649'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:59 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8c122334-9d20-4eb8-89ea-ac9a705b74ae'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:00 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''HTTP Version'' is the latest,
+ if used to run the Web app","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","Equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae","type":"Microsoft.Authorization/policyDefinitions","name":"8c122334-9d20-4eb8-89ea-ac9a705b74ae"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1232'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:01 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:09:59 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Latest TLS version should be used in
+ your API App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e","type":"Microsoft.Authorization/policyDefinitions","name":"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '930'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:00 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8ce3da23-7156-49e4-b145-24f95f9dcb46'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:05 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Require tag and its value on resource
+ groups","policyType":"BuiltIn","mode":"All","description":"Enforces a required
+ tag and its value on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '902'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:06 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8e170edb-e0f5-497a-bb36-48b3280cec6a'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:08 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Object Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Object Access''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditDetailedFileShare":{"type":"String","metadata":{"displayName":"Audit
+ Detailed File Share","description":"If this policy setting is enabled, access
+ to all shared files and folders on the system is audited. Auditing for Success
+ can lead to very high volumes of events."},"allowedValues":["No Auditing","Success","Failure","Success
+ and Failure"],"defaultValue":"No Auditing"},"AuditFileShare":{"type":"String","metadata":{"displayName":"Audit
+ File Share","description":"Specifies whether to audit events related to file
+ shares: creation, deletion, modification, and access attempts. Also, it shows
+ failed SMB SPN checks. Event volumes can be high on DCs and File Servers."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"},"AuditFileSystem":{"type":"String","metadata":{"displayName":"Audit
+ File System","description":"Specifies whether audit events are generated when
+ users attempt to access file system objects. Audit events are generated only
+ for objects that have configured system access control lists (SACLs)."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesObjectAccess","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/
guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit
+ Detailed File Share;ExpectedValue'', ''='', parameters(''AuditDetailedFileShare''),
+ '','', ''Audit File Share;ExpectedValue'', ''='', parameters(''AuditFileShare''),
+ '','', ''Audit File System;ExpectedValue'', ''='', parameters(''AuditFileSystem'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesObjectAccess"},"AuditDetailedFileShare":{"value":"[parameters(''AuditDetailedFileShare'')]"},"AuditFileShare":{"value":"[parameters(''AuditFileShare'')]"},"AuditFileSystem":{"value":"[parameters(''AuditFileSystem'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditDetailedFileShare":{"type":"string"},"AuditFileShare":{"type":"string"},"AuditFileSystem":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
+ Detailed File Share;ExpectedValue","value":"[parameters(''AuditDetailedFileShare'')]"},{"name":"Audit
+ File Share;ExpectedValue","value":"[parameters(''AuditFileShare'')]"},{"name":"Audit
+ File System;ExpectedValue","value":"[parameters(''AuditFileSystem'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a","type":"Microsoft.Authorization/policyDefinitions","name":"8e170edb-e0f5-497a-bb36-48b3280cec6a"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6566'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:09 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''8ff0b18b-262e-4512-857a-48ad0aeb9a78'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:10 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that do not store passwords using reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that do not store passwords using reversible encryption. It also creates a
+ system-assigned managed identity and deploys the VM extension for Guest Configuration.
+ This policy should only be used along with its corresponding audit policy
+ in an initiative. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f73
82dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '5296'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''909c958d-1b99-4c74-b88f-46a5c5bc34f9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:12 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Windows Firewall Properties''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Windows Firewall Properties''.
+ It also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"WindowsFirewallDomainUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Domain profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Domain profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Domain profile."},"defaultValue":"1"},"WindowsFirewallDomainDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Domain): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Domain
+ profile."},"defaultValue":"1"},"WindowsFirewallPrivateUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Private
+ profile to filter network traffic. If you select Off, Windows Firewall with
+ Advanced Security will not use any of the firewall rules or connection security
+ rules for this profile."},"defaultValue":"1"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Private profile that do not
+ match an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Private profile."},"defaultValue":"1"},"WindowsFirewallPrivateDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Private): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Private
+ profile."},"defaultValue":"1"},"WindowsFirewallPublicUseProfileSettings":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Use profile settings","description":"Specifies whether
+ Windows Firewall with Advanced Security uses the settings for the Public profile
+ to filter network traffic. If you select Off, Windows Firewall with Advanced
+ Security will not use any of the firewall rules or connection security rules
+ for this profile."},"defaultValue":"1"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Behavior for outbound connections","description":"Specifies
+ the behavior for outbound connections for the Public profile that do not match
+ an outbound firewall rule. The default value of 0 means to allow connections,
+ and a value of 1 means to block connections."},"defaultValue":"0"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local connection security rules","description":"Specifies
+ whether local administrators are allowed to create connection security rules
+ that apply together with connection security rules configured by Group Policy
+ for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Apply local firewall rules","description":"Specifies whether
+ local administrators are allowed to create local firewall rules that apply
+ together with firewall rules configured by Group Policy for the Public profile."},"defaultValue":"1"},"WindowsFirewallPublicDisplayNotifications":{"type":"String","metadata":{"displayName":"Windows
+ Firewall (Public): Display notifications","description":"Specifies whether
+ Windows Firewall with Advanced Security displays notifications to the user
+ when a program is blocked from receiving inbound connections, for the Public
+ profile."},"defaultValue":"1"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Domain: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Domain profile."},"defaultValue":"0"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Private: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Private profile."},"defaultValue":"0"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"String","metadata":{"displayName":"Windows
+ Firewall: Public: Allow unicast response","description":"Specifies whether
+ Windows Firewall with Advanced Security permits the local computer to receive
+ unicast responses to its outgoing multicast or broadcast messages; for the
+ Public profile."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsFirewallProperties","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equal
s":"[base64(concat(''Windows
+ Firewall: Domain: Firewall state;ExpectedValue'', ''='', parameters(''WindowsFirewallDomainUseProfileSettings''),
+ '','', ''Windows Firewall: Domain: Outbound connections;ExpectedValue'', ''='',
+ parameters(''WindowsFirewallDomainBehaviorForOutboundConnections''), '','',
+ ''Windows Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules''),
+ '','', ''Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallDomainApplyLocalFirewallRules''), '','',
+ ''Windows Firewall: Domain: Settings: Display a notification;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallDomainDisplayNotifications''), '','', ''Windows
+ Firewall: Private: Firewall state;ExpectedValue'', ''='', parameters(''WindowsFirewallPrivateUseProfileSettings''),
+ '','', ''Windows Firewall: Private: Outbound connections;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections''),
+ '','', ''Windows Firewall: Private: Settings: Apply local connection security
+ rules;ExpectedValue'', ''='', parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules''),
+ '','', ''Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPrivateApplyLocalFirewallRules''), '','',
+ ''Windows Firewall: Private: Settings: Display a notification;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPrivateDisplayNotifications''), '','',
+ ''Windows Firewall: Public: Firewall state;ExpectedValue'', ''='', parameters(''WindowsFirewallPublicUseProfileSettings''),
+ '','', ''Windows Firewall: Public: Outbound connections;ExpectedValue'', ''='',
+ parameters(''WindowsFirewallPublicBehaviorForOutboundConnections''), '','',
+ ''Windows Firewall: Public: Settings: Apply local connection security rules;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules''),
+ '','', ''Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPublicApplyLocalFirewallRules''), '','',
+ ''Windows Firewall: Public: Settings: Display a notification;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPublicDisplayNotifications''), '','', ''Windows
+ Firewall: Domain: Allow unicast response;ExpectedValue'', ''='', parameters(''WindowsFirewallDomainAllowUnicastResponse''),
+ '','', ''Windows Firewall: Private: Allow unicast response;ExpectedValue'',
+ ''='', parameters(''WindowsFirewallPrivateAllowUnicastResponse''), '','',
+ ''Windows Firewall: Public: Allow unicast response;ExpectedValue'', ''='',
+ parameters(''WindowsFirewallPublicAllowUnicastResponse'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_WindowsFirewallProperties"},"WindowsFirewallDomainUseProfileSettings":{"value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallDomainApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},"WindowsFirewallDomainDisplayNotifications":{"value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},"WindowsFirewallPrivateUseProfileSettings":{"value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},"WindowsFirewallPrivateDisplayNotifications":{"value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},"WindowsFirewallPublicUseProfileSettings":{"value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},"WindowsFirewallPublicApplyLocalFirewallRules":{"value":"[pa
rameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},"WindowsFirewallPublicDisplayNotifications":{"value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},"WindowsFirewallDomainAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},"WindowsFirewallPrivateAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},"WindowsFirewallPublicAllowUnicastResponse":{"value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"WindowsFirewallDomainUseProfileSettings":{"type":"string"},"WindowsFirewallDomainBehaviorForOutboundConnections":{"type":"string"},"WindowsFirewallDomainApplyLocalConnectionSecurityRules":{"type":"string"},"WindowsFirewallDomainApplyLocalFirewallRules":{"type":"string"},"WindowsFirewallDomainDisplayNotifications":{"type":"string"},"WindowsFirewallPrivateUseProfileSettings":{"type":"string"},"WindowsFirewallPrivateBehaviorForOutboundConnections":{"type":"string"},"WindowsFirewallPrivateApplyLocalConnectionSecurityRules":{"type":"string"},"WindowsFirewallPrivateApplyLocalFirewallRules":{"type":"string"},"WindowsFirewallPrivateDisplayNotifications":{"type":"string"},"WindowsFirewallPublicUseProfileSettings":{"type":"string"},"WindowsFirewallPublicBehaviorForOutboundConnections":{"type":"string"},"WindowsFirewallPublicApplyLocalConnectionSecurityRules":{"type":"string"},"WindowsFirewallPublicApplyLocalFirewallRules":{"type":"string"},"WindowsFirewallPublicDisplayNotifications":{"type":"string"},"WindowsFirewallDomainAllowUnicastResponse":{"type":"string"},"WindowsFirewallPrivateAllowUnicastResponse":{"type":"string"},"WindowsFirewallPublicAllowUnicastResponse":{"type":"string"}},"resources":[{"apiVersion":"2018-11-2
0","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Windows
+ Firewall: Domain: Firewall state;ExpectedValue","value":"[parameters(''WindowsFirewallDomainUseProfileSettings'')]"},{"name":"Windows
+ Firewall: Domain: Outbound connections;ExpectedValue","value":"[parameters(''WindowsFirewallDomainBehaviorForOutboundConnections'')]"},{"name":"Windows
+ Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue","value":"[parameters(''WindowsFirewallDomainApplyLocalConnectionSecurityRules'')]"},{"name":"Windows
+ Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue","value":"[parameters(''WindowsFirewallDomainApplyLocalFirewallRules'')]"},{"name":"Windows
+ Firewall: Domain: Settings: Display a notification;ExpectedValue","value":"[parameters(''WindowsFirewallDomainDisplayNotifications'')]"},{"name":"Windows
+ Firewall: Private: Firewall state;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateUseProfileSettings'')]"},{"name":"Windows
+ Firewall: Private: Outbound connections;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateBehaviorForOutboundConnections'')]"},{"name":"Windows
+ Firewall: Private: Settings: Apply local connection security rules;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateApplyLocalConnectionSecurityRules'')]"},{"name":"Windows
+ Firewall: Private: Settings: Apply local firewall rules;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateApplyLocalFirewallRules'')]"},{"name":"Windows
+ Firewall: Private: Settings: Display a notification;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateDisplayNotifications'')]"},{"name":"Windows
+ Firewall: Public: Firewall state;ExpectedValue","value":"[parameters(''WindowsFirewallPublicUseProfileSettings'')]"},{"name":"Windows
+ Firewall: Public: Outbound connections;ExpectedValue","value":"[parameters(''WindowsFirewallPublicBehaviorForOutboundConnections'')]"},{"name":"Windows
+ Firewall: Public: Settings: Apply local connection security rules;ExpectedValue","value":"[parameters(''WindowsFirewallPublicApplyLocalConnectionSecurityRules'')]"},{"name":"Windows
+ Firewall: Public: Settings: Apply local firewall rules;ExpectedValue","value":"[parameters(''WindowsFirewallPublicApplyLocalFirewallRules'')]"},{"name":"Windows
+ Firewall: Public: Settings: Display a notification;ExpectedValue","value":"[parameters(''WindowsFirewallPublicDisplayNotifications'')]"},{"name":"Windows
+ Firewall: Domain: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallDomainAllowUnicastResponse'')]"},{"name":"Windows
+ Firewall: Private: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPrivateAllowUnicastResponse'')]"},{"name":"Windows
+ Firewall: Public: Allow unicast response;ExpectedValue","value":"[parameters(''WindowsFirewallPublicAllowUnicastResponse'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9","type":"Microsoft.Authorization/policyDefinitions","name":"909c958d-1b99-4c74-b88f-46a5c5bc34f9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '20256'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:13 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''90ba2ee7-4ca8-4673-84d1-c851c50d3baf'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:15 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs that do not have the specified Windows PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that do not have the specified Windows PowerShell modules installed. It also
+ creates a system-assigned managed identity and deploys the VM extension for
+ Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Modules":{"type":"String","metadata":{"displayName":"PowerShell
+ Modules","description":"A semicolon-separated list of the names of the PowerShell
+ modules that should be installed. You may also specify a specific version
+ of a module that should be installed by including a comma after the module
+ name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
+ 12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-
6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
+ ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6229'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9178b430-2295-406e-bb28-f6a7a2a2f897'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:18 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Windows Components''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2623'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9297c21d-2ed6-4474-b48f-163f75654ce3'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:21 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"MFA should be enabled accounts with write
+ permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
+ Authentication (MFA) should be enabled for all subscription accounts with
+ write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1104'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:22 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9328f27e-611e-44a7-a244-39109d7d35ab'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that contain certificates expiring within the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that contain certificates expiring within
+ the specified number of days. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"CertificateExpiration","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab","type":"Microsoft.Authorization/policyDefinitions","name":"9328f27e-611e-44a7-a244-39109d7d35ab"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2791'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''93507a81-10a4-4af0-9ee2-34cf25a96e98'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:26 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs in which the Administrators group does not contain all of the specified
+ members","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ creates a Guest Configuration assignment to audit Windows virtual machines
+ in which the Administrators group does not contain all of the specified members.
+ It also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MembersToInclude":{"type":"String","metadata":{"displayName":"Members
+ to include","description":"A semicolon-separated list of members that should
+ be included in the Administrators local group. Ex: Administrator; myUser1;
+ myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382
dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
+ ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6158'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:27 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''94c19f19-8192-48cd-a11b-e37099d3e36b'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:28 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ only in European data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '610'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:29 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''96670d01-0a4d-4649-9c89-2d3abc0a5025'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:31 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Require specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
+ existence of a tag on resource groups.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '743'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9677b740-f641-4f3c-b9c5-466005c85278'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Advanced data security settings for SQL
+ server should contain an email address to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
+ that an email address is provided for the ''Send alerts to'' field in the
+ Advanced Data Security server settings. This email address receives alert
+ notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1167'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''97646672-5efa-4622-9b54-740270ad60bf'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:37 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Adminstrative Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Adminstrative Templates - MSS (Legacy)''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2677'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:38 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''97b595c8-fd10-400e-8543-28e2b9138b13'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:40 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Policy Change''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditAuthenticationPolicyChange":{"type":"String","metadata":{"displayName":"Audit
+ Authentication Policy Change","description":"Specifies whether audit events
+ are generated when changes are made to authentication policy. This setting
+ is useful for tracking changes in domain-level and forest-level trust and
+ privileges that are granted to user accounts or groups."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditAuthorizationPolicyChange":{"type":"String","metadata":{"displayName":"Audit
+ Authorization Policy Change","description":"Specifies whether audit events
+ are generated for assignment and removal of user rights in user right policies,
+ changes in security token object permission, resource attributes changes and
+ Central Access Policy changes for file system objects."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/
guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit
+ Authentication Policy Change;ExpectedValue'', ''='', parameters(''AuditAuthenticationPolicyChange''),
+ '','', ''Audit Authorization Policy Change;ExpectedValue'', ''='', parameters(''AuditAuthorizationPolicyChange'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPolicyChange"},"AuditAuthenticationPolicyChange":{"value":"[parameters(''AuditAuthenticationPolicyChange'')]"},"AuditAuthorizationPolicyChange":{"value":"[parameters(''AuditAuthorizationPolicyChange'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditAuthenticationPolicyChange":{"type":"string"},"AuditAuthorizationPolicyChange":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
+ Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
+ Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6247'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:41 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''983211ba-f348-4758-983b-21fa29294869'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ only in United States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Central US, East US, East
+ US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '711'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''985285b7-b97a-419c-8d48-c88cc934c8d8'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Administrative Templates - Network''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Administrative Templates
+ - Network''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
+ insecure guest logons","description":"Specifies whether the SMB client will
+ allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
+ simultaneous connections to the Internet or a Windows Domain","description":"Specify
+ whether to prevent computers from connecting to both a domain based network
+ and a non-domain based network at the same time. A value of 0 allows simultaneous
+ connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
+ off multicast name resolution","description":"Specifies whether LLMNR, a secondary
+ name resolution protocol that transmits using multicast over a local subnet
+ link on a single subnet, is enabled."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignm
ents/parameterHash","equals":"[base64(concat(''Enable
+ insecure guest logons;ExpectedValue'', ''='', parameters(''EnableInsecureGuestLogons''),
+ '','', ''Minimize the number of simultaneous connections to the Internet or
+ a Windows Domain;ExpectedValue'', ''='', parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain''),
+ '','', ''Turn off multicast name resolution;ExpectedValue'', ''='', parameters(''TurnOffMulticastNameResolution'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesNetwork"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"EnableInsecureGuestLogons":{"type":"string"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"string"},"TurnOffMulticastNameResolution":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Enable
+ insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
+ the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
+ off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6798'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''991310cd-e9f3-47bc-b7b6-f57b557d07db'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:48 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''HTTP Version'' is the latest,
+ if used to run the Api app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db","type":"Microsoft.Authorization/policyDefinitions","name":"991310cd-e9f3-47bc-b7b6-f57b557d07db"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1177'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:49 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9a1b8c48-453a-4044-86c3-d8bfd823e4f5'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:50 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"FTPS only should be required in your
+ API App","policyType":"BuiltIn","mode":"Indexed","description":"Enable FTPS
+ enforcement for enhanced security","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/ftpsState","equals":"FtpsOnly"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5","type":"Microsoft.Authorization/policyDefinitions","name":"9a1b8c48-453a-4044-86c3-d8bfd823e4f5"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '938'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:51 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9a7c7a7d-49e5-4213-bea8-6a502b6272e0'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:53 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Azure
+ SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Azure SQL Database to stream to a regional Event
+ Hub on any Azure SQL Database which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"SQL"},"parameters":{"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '4307'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9b597639-28e4-48eb-b506-56b05d366257'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Microsoft IaaSAntimalware extension should
+ be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows server VM without Microsoft IaaSAntimalware extension
+ deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1908'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:56 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9bfe3727-0a17-471f-a2fe-eddd6b668745'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:10:58 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
+ that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported Java version for the latest security classes. Using older
+ classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1201'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:00 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:01 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''Java version'' is the latest,
+ if used as a part of the Funtion app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for Java software either due to security flaws
+ or to include additional functionality. Using the latest Java version for
+ Function apps is recommended in order to to take advantage of security fixes,
+ if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"JavaLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ Java version","description":"Latest supported Java version for App Services"},"defaultValue":"11"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"JAVA"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","like":"[concat(''*'',
+ parameters(''JavaLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.javaVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.javaVersion","like":"[concat(parameters(''JavaLatestVersion''),
+ ''*'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc","type":"Microsoft.Authorization/policyDefinitions","name":"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1890'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:01 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9daedab3-fb2d-461e-b861-71790eead4f6'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Access through Internet facing endpoint
+ should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
+ Security center has identified some of your Network Security Groups'' inbound
+ rules to be too permissive. Inbound rules should not allow access from ''Any''
+ or ''Internet'' ranges. This can potentially enable attackers to easily target
+ your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1232'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9ea02ca2-71db-412d-8b00-7c7ca9fcd32d'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:05 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Append tag and its value from the resource
+ group","policyType":"BuiltIn","mode":"Indexed","description":"Appends the
+ specified tag with its value from the resource group when any resource which
+ is missing this tag is created or updated. Does not modify the tags of resources
+ created before this policy was applied until those resources are changed.
+ New ''modify'' effect policies are available that support remediation of tags
+ on existing resources (see https://aka.ms/modifydoc).","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1205'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:06 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''9f658460-46b7-43af-8565-94fc0662be38'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:08 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs that
+ are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that are not set to the specified time zone.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2720'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:09 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a030a57e-4639-4e8f-ade9-a92f33afe7ee'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs on which the Log Analytics agent is not connected as expected","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines on which the Log Analytics agent is not
+ connected to the specified workspaces. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2802'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:12 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a08ec900-254a-4555-9bf5-e42af04b5c5c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:13 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Allowed resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy enables you to specify the resource types that your organization can
+ deploy. Only resource types that support ''tags'' and ''location'' will be
+ affected by this policy. To restrict all resources please duplicate this policy
+ and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
+ list of resource types that can be deployed.","displayName":"Allowed resource
+ types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '930'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a1181c5f-672a-477a-979a-7d58aa086233'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Security Center standard pricing tier
+ should be selected","policyType":"BuiltIn","mode":"All","description":"The
+ standard pricing tier enables threat detection for networks and virtual machines,
+ providing threat intelligence, anomaly detection, and behavior analytics in
+ Azure Security Center","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Security/pricings"},{"field":"Microsoft.Security/pricings/pricingTier","exists":"true"},{"field":"Microsoft.Security/pricings/pricingTier","notEquals":"Standard"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","type":"Microsoft.Authorization/policyDefinitions","name":"a1181c5f-672a-477a-979a-7d58aa086233"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1035'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:17 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a1817ec0-a368-432a-8057-8371e17ac6ee'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"All authorization rules except RootManageSharedAccessKey
+ should be removed from Service Bus namespace","policyType":"BuiltIn","mode":"All","description":"Service
+ Bus clients should not use a namespace level access policy that provides access
+ to all queues and topics in a namespace. To align with the least privilege
+ security model, you shoud create access policies at the entity level for queues
+ and topics to provide access to only the specific entity","metadata":{"category":"Service
+ Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1168'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a1dae6c7-13f3-48ea-a149-ff8442661f60'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:21 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Logic
+ Apps to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Event Hub when
+ any Logic Apps which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60","type":"Microsoft.Authorization/policyDefinitions","name":"a1dae6c7-13f3-48ea-a149-ff8442661f60"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3721'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a1e8dda3-9fd2-4835-aec3-0e55531fde33'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:24 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Administrative Templates - System''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Administrative Templates - System''. For more information on Guest
+ Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Micr
osoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2665'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:25 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a29ee95c-0395-4515-9851-cc04ffe82a91'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:27 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs that
+ are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that are not joined to the specified domain.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2728'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:28 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a451c1ef-c6ca-483d-87ed-f49761e3ffb5'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:30 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Audit usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
+ built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
+ roles, which are error prone. Using custom roles is treated as an exception
+ and requires a rigorous review and threat modeling","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","type":"Microsoft.Authorization/policyDefinitions","name":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '975'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:30 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a4af4a39-4135-47fb-b175-47fbdf85311d'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:32 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Web Application should only be accessible
+ over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use of
+ HTTPS ensures server/service authentication and protects data in transit from
+ network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '908'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:35 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Auditing should be enabled on advanced
+ data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
+ tracks database events and writes them to an audit log in the Azure storage
+ account. It also helps to maintain regulatory compliance, understand database
+ activity, and gain insight into discrepancies and anomalies that could indicate
+ business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
+ Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1346'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:37 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a70ca396-0a34-413a-88e1-b956c1e683be'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:39 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"The Log Analytics agent should be installed
+ on virtual machines","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux virtual machines if the Log Analytics agent
+ is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be","type":"Microsoft.Authorization/policyDefinitions","name":"a70ca396-0a34-413a-88e1-b956c1e683be"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1348'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:40 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a7aca53f-2ed4-4466-a25e-0b45ade68efd'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"DDoS Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
+ protection standard should be enabled for all virtual networks with a subnet
+ that is part of an application gateway with a public IP.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1053'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a7ff3161-0087-490a-9ad9-ad6217f4f43a'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Require encryption on Data Lake Store
+ accounts","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
+ Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '654'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a8bef009-a5c9-4d0f-90d7-6018734e8a16'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:47 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated] Monitor unencrypted SQL
+ databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
+ SQL databases will be monitored by Azure Security Center as recommendations.
+ This policy is deprecated and replaced by the following policy: Transparent
+ Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
+ Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1164'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:48 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a9a33475-481d-4b81-9116-0bf02ffe67e8'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:50 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''System Audit Policies - Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - Detailed Tracking''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesDetailedTracking","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","type"
:"Microsoft.Authorization/policyDefinitions","name":"a9a33475-481d-4b81-9116-0bf02ffe67e8"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2687'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:51 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''a9b99dd8-06c5-4317-8629-9d86a3c6e7d9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:53 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy network watcher when virtual networks
+ are created","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ creates a network watcher resource in regions with virtual networks. You need
+ to ensure existence of a resource group named networkWatcherRG, which will
+ be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
+ parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1466'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:54 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''aa633080-8b72-40c4-a2d7-d00c03e80bed'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"MFA should be enabled on accounts with
+ owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
+ Authentication (MFA) should be enabled for all subscription accounts with
+ owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1108'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:56 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''aa81768c-cb87-4ce2-bfaa-00baa10d760c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:58 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that Register with Azure Active
+ Directory is enabled on WEB App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c","type":"Microsoft.Authorization/policyDefinitions","name":"aa81768c-cb87-4ce2-bfaa-00baa10d760c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1245'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:11:59 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''ab965db2-d2bf-4b64-8b39-c38ec8179461'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:01 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Ensure that ''PHP version'' is the latest,
+ if used as a part of the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for PHP software either due to security flaws
+ or to include additional functionality. Using the latest PHP version for Function
+ apps is recommended in order to to take advantage of security fixes, if any,
+ and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"PHPLatestVersion":{"type":"String","metadata":{"displayName":"Latest
+ PHP version","description":"Latest supported PHP version for App Services"},"defaultValue":"7.3"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","notContains":"PHP"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":"[concat(''PHP|'',
+ parameters(''PHPLatestVersion''))]"},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":""}]},{"allOf":[{"field":"Microsoft.Web/sites/config/web.linuxFxVersion","equals":""},{"field":"Microsoft.Web/sites/config/web.phpVersion","equals":"[parameters(''PHPLatestVersion'')]"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461","type":"Microsoft.Authorization/policyDefinitions","name":"ab965db2-d2bf-4b64-8b39-c38ec8179461"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1874'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:02 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''abcc6037-1fc4-47f6-aac5-89706589be24'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:03 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Automatic provisioning
+ of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs
+ security agent on VMs for advanced security alerts and preventions in Azure
+ Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
+ Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '942'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:04 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:06 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Advanced data security should be enabled
+ on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '941'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:07 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:08 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Advanced data security should be enabled
+ on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '988'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:09 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:10 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Role-Based Access Control
+ (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
+ provide granular filtering on the actions that users can perform, use Role-Based
+ Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
+ and configure relevant authorization policies.","metadata":{"category":"Security
+ Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1147'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:11 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''ac7e5fc0-c029-4b12-91d4-a8500ce697f9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:13 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ if ''environment'' tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation if the ''environment'' tag is set to one of the following
+ values: production, dev, test, staging","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags[''environment'']","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '678'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:14 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''ae5d2f14-d830-42b6-9899-df6cfe9c71a3'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"SQL Server should use a virtual network
+ service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any SQL Server not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/virtualNetworkRules","existenceCondition":{"field":"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3","type":"Microsoft.Authorization/policyDefinitions","name":"ae5d2f14-d830-42b6-9899-df6cfe9c71a3"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '977'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:16 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''aeb23562-188d-47cb-80b8-551f16ef9fff'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:18 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Email notifications to admins and subscription
+ owners should be enabled in SQL managed instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ that ''email notification to admins and subscription owners'' is enabled in
+ the SQL managed instance advanced threat protection settings. This ensures
+ that any detections of anomalous activities on SQL managed instance are reported
+ as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1267'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:19 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''af6cd1bd-1635-48cb-bde7-5b15693900b9'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:20 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Monitor missing Endpoint Protection in
+ Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
+ without an installed Endpoint Protection agent will be monitored by Azure
+ Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"endpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","type":"Microsoft.Authorization/policyDefinitions","name":"af6cd1bd-1635-48cb-bde7-5b15693900b9"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1088'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:21 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''af8051bf-258b-44e2-a2bf-165330459f9d'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated] Monitor unaudited SQL servers
+ in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"SQL
+ servers which don''t have SQL auditing turned on will be monitored by Azure
+ Security Center as recommendations. This policy is deprecated and replaced
+ by the following policy: ''Auditing should be enabled on advanced data security
+ settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1188'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:23 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b02aacc0-b073-424e-8298-42b22829ee0a'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:25 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Activity log should be retained for at
+ least one year","policyType":"BuiltIn","mode":"All","description":"This policy
+ audits the activity log if the retention is not set for 365 days or forever
+ (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1263'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:26 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b0f33259-77d7-4c9e-aac6-3aabcfae693c'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:28 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Just-In-Time network access control should
+ be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
+ network Just In Time (JIT) access will be monitored by Azure Security Center
+ as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1046'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:29 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b18175dd-c599-4c64-83ba-bb018a06d35b'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:30 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Linux
+ VMs that do not have the passwd file permissions set to 0644","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Linux virtual machines that do not have the passwd file permissions
+ set to 0644. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '3204'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:31 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b278e460-7cfc-4451-8294-cccc40a940d7'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:33 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"All authorization rules except RootManageSharedAccessKey
+ should be removed from Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
+ Hub clients should not use a namespace level access policy that provides access
+ to all queues and topics in a namespace. To align with the least privilege
+ security model, you shoud create access policies at the entity level for queues
+ and topics to provide access to only the specific entity","metadata":{"category":"Event
+ Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1160'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:34 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b2fc8f91-866d-4434-9089-5ebfe38d6fd8'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:36 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ web servers that are not using secure communication protocols","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows web servers
+ that are not using secure communication protocols (TLS 1.1 or TLS 1.2). It
+ also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
+ TLS version","description":"The minimum TLS protocol version that should be
+ enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecureP
rotocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
+ ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '6299'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:37 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b3802d79-dd88-4bce-b81d-780218e48280'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:38 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''System Audit Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - Logon-Logoff''. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '2672'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:39 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b4330a05-a843-4bc8-bf9a-cacce50c67f4'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:42 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Diagnostic logs in Search services should
+ be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1787'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:43 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b48334a4-911b-4084-b1ab-3e6a4e50b951'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:44 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Sockets state
+ for an API App","policyType":"BuiltIn","mode":"All","description":"The Web
+ Sockets protocol is vulnerable to different types of security threats. Use
+ of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951","type":"Microsoft.Authorization/policyDefinitions","name":"b48334a4-911b-4084-b1ab-3e6a4e50b951"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1175'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:45 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b4d66858-c922-44e3-9566-5cdb7a7be744'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:47 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"A security contact phone number should
+ be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
+ a phone number to receive notifications when Azure Security Center detects
+ compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '990'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:48 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''b54ed75b-3e1a-44ac-a333-05ba39b99ff0'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:12:49 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"Service Fabric clusters should only use
+ Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ usage of client authentication only via Azure Active Directory in Service
+ Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId","exists":"false"},{"field":"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId","equals":""}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","type":"Microsoft.Authorization/policyDefinitions","name":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1026'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:36 GMT
+ - Fri, 06 Dec 2019 22:12:50 GMT
expires:
- '-1'
pragma:
@@ -20514,16 +34196,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''90ba2ee7-4ca8-4673-84d1-c851c50d3baf'' could not be found."}}'
+ ''b5f04e03-92a3-4b09-9410-2cc5e5047656'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20532,7 +34214,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:36 GMT
+ - Fri, 06 Dec 2019 22:12:53 GMT
expires:
- '-1'
pragma:
@@ -20558,45 +34240,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs that do not have the specified Windows PowerShell modules installed","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that do not have the specified Windows PowerShell modules installed. It also
- creates a system-assigned managed identity and deploys the VM extension for
- Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Modules":{"type":"String","metadata":{"displayName":"PowerShell
- Modules","description":"A semicolon-separated list of the names of the PowerShell
- modules that should be installed. You may also specify a specific version
- of a module that should be installed by including a comma after the module
- name, followed by the desired version. e.g. PSDscResources; SqlServerDsc,
- 12.0.0.0; ComputerManagementDsc, 6.1.0.0"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellModules","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-
6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellModules]PowerShellModules1;Modules'',
- ''='', parameters(''Modules'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellModules"},"Modules":{"value":"[parameters(''Modules'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Modules":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellModules]PowerShellModules1;Modules","value":"[parameters(''Modules'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf","type":"Microsoft.Authorization/policyDefinitions","name":"90ba2ee7-4ca8-4673-84d1-c851c50d3baf"}'
+ string: '{"properties":{"displayName":"Deploy Advanced Threat Protection for
+ Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
+ DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2019-01-01","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
+ ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"}'
headers:
cache-control:
- no-cache
content-length:
- - '6157'
+ - '1665'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:36 GMT
+ - Fri, 06 Dec 2019 22:12:54 GMT
expires:
- '-1'
pragma:
@@ -20626,16 +34292,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9178b430-2295-406e-bb28-f6a7a2a2f897'' could not be found."}}'
+ ''b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20644,7 +34310,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:37 GMT
+ - Fri, 06 Dec 2019 22:12:56 GMT
expires:
- '-1'
pragma:
@@ -20670,31 +34336,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Windows Components''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Windows Components''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_WindowsComponents","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897","type":"Microsoft.Author
ization/policyDefinitions","name":"9178b430-2295-406e-bb28-f6a7a2a2f897"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in App Services should
+ be enabled","policyType":"BuiltIn","mode":"All","description":"Audit enabling
+ of diagnostic logs on the app. This enables you to recreate activity trails
+ for investigation purposes if a security incident occurs or your network is
+ compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"}'
headers:
cache-control:
- no-cache
content-length:
- - '2623'
+ - '1250'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:37 GMT
+ - Fri, 06 Dec 2019 22:12:57 GMT
expires:
- '-1'
pragma:
@@ -20724,16 +34388,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9297c21d-2ed6-4474-b48f-163f75654ce3'' could not be found."}}'
+ ''b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20742,7 +34406,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:38 GMT
+ - Fri, 06 Dec 2019 22:12:59 GMT
expires:
- '-1'
pragma:
@@ -20768,29 +34432,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"MFA should be enabled accounts with write
- permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
- Authentication (MFA) should be enabled for all subscription accounts with
- write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"}'
+ string: '{"properties":{"displayName":"Network Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
+ Watcher is a regional service that enables you to monitor and diagnose conditions
+ at a network scenario level in, to, and from Azure. Scenario level monitoring
+ enables you to diagnose problems at an end to end network level view. Network
+ diagnostic and visualization tools available with Network Watcher help you
+ understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
+ if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '1211'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:38 GMT
+ - Fri, 06 Dec 2019 22:13:00 GMT
expires:
- '-1'
pragma:
@@ -20820,16 +34485,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9328f27e-611e-44a7-a244-39109d7d35ab'' could not be found."}}'
+ ''b7ddfbdc-1260-477d-91fd-98bd9be789a6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20838,7 +34503,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:38 GMT
+ - Fri, 06 Dec 2019 22:13:02 GMT
expires:
- '-1'
pragma:
@@ -20864,31 +34529,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that contain certificates expiring within the specified number of days","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that contain certificates expiring within
- the specified number of days. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"CertificateExpiration","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals
":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab","type":"Microsoft.Authorization/policyDefinitions","name":"9328f27e-611e-44a7-a244-39109d7d35ab"}'
+ string: '{"properties":{"displayName":"API App should only be accessible over
+ HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use of HTTPS
+ ensures server/service authentication and protects data in transit from network
+ layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","type":"Microsoft.Authorization/policyDefinitions","name":"b7ddfbdc-1260-477d-91fd-98bd9be789a6"}'
headers:
cache-control:
- no-cache
content-length:
- - '2791'
+ - '900'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:38 GMT
+ - Fri, 06 Dec 2019 22:13:03 GMT
expires:
- '-1'
pragma:
@@ -20918,16 +34580,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''93507a81-10a4-4af0-9ee2-34cf25a96e98'' could not be found."}}'
+ ''b821191b-3a12-44bc-9c38-212138a29ff3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -20936,7 +34598,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:39 GMT
+ - Fri, 06 Dec 2019 22:13:05 GMT
expires:
- '-1'
pragma:
@@ -20962,231 +34624,43 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs in which the Administrators group does not contain all of the specified
+ VMs in which the Administrators group does not contain only the specified
members","policyType":"BuiltIn","mode":"Indexed","description":"This policy
creates a Guest Configuration assignment to audit Windows virtual machines
- in which the Administrators group does not contain all of the specified members.
+ in which the Administrators group does not contain only the specified members.
It also creates a system-assigned managed identity and deploys the VM extension
for Guest Configuration. This policy should only be used along with its corresponding
audit policy in an initiative. For more information on Guest Configuration
policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MembersToInclude":{"type":"String","metadata":{"displayName":"Members
- to include","description":"A semicolon-separated list of members that should
- be included in the Administrators local group. Ex: Administrator; myUser1;
- myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382
dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;MembersToInclude'',
- ''='', parameters(''MembersToInclude'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembersToInclude"},"MembersToInclude":{"value":"[parameters(''MembersToInclude'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MembersToInclude":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;MembersToInclude","value":"[parameters(''MembersToInclude'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98","type":"Microsoft.Authorization/policyDefinitions","name":"93507a81-10a4-4af0-9ee2-34cf25a96e98"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '6086'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:18:39 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- transfer-encoding:
- - chunked
- vary:
- - Accept-Encoding,Accept-Encoding
- x-content-type-options:
- - nosniff
- status:
- code: 200
- message: OK
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''94c19f19-8192-48cd-a11b-e37099d3e36b'' could not be found."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '138'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:18:39 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- status:
- code: 404
- message: Not Found
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2019-06-01
- response:
- body:
- string: '{"properties":{"displayName":"Allow resource creation only in European
- data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '596'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:18:39 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- transfer-encoding:
- - chunked
- vary:
- - Accept-Encoding,Accept-Encoding
- x-content-type-options:
- - nosniff
- status:
- code: 200
- message: OK
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025?api-version=2019-06-01
- response:
- body:
- string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''96670d01-0a4d-4649-9c89-2d3abc0a5025'' could not be found."}}'
- headers:
- cache-control:
- - no-cache
- content-length:
- - '138'
- content-type:
- - application/json; charset=utf-8
- date:
- - Tue, 10 Sep 2019 00:18:39 GMT
- expires:
- - '-1'
- pragma:
- - no-cache
- strict-transport-security:
- - max-age=31536000; includeSubDomains
- x-content-type-options:
- - nosniff
- status:
- code: 404
- message: Not Found
-- request:
- body: null
- headers:
- Accept:
- - application/json
- Accept-Encoding:
- - gzip, deflate
- CommandName:
- - policy definition show
- Connection:
- - keep-alive
- ParameterSetName:
- - -n
- User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
- accept-language:
- - en-US
- method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025?api-version=2019-06-01
- response:
- body:
- string: '{"properties":{"displayName":"Require specified tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces
- existence of a tag on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025","type":"Microsoft.Authorization/policyDefinitions","name":"96670d01-0a4d-4649-9c89-2d3abc0a5025"}'
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
+ semicolon-separated list of all the expected members of the Administrators
+ local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions
/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
+ ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"}'
headers:
cache-control:
- no-cache
content-length:
- - '746'
+ - '6028'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:39 GMT
+ - Fri, 06 Dec 2019 22:13:06 GMT
expires:
- '-1'
pragma:
@@ -21216,16 +34690,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9677b740-f641-4f3c-b9c5-466005c85278'' could not be found."}}'
+ ''b872a447-cc6f-43b9-bccf-45703cd81607'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21234,7 +34708,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:40 GMT
+ - Fri, 06 Dec 2019 22:13:08 GMT
expires:
- '-1'
pragma:
@@ -21260,29 +34734,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Advanced data security settings for SQL
- server should contain an email address to receive security alerts","policyType":"BuiltIn","mode":"Indexed","description":"Ensure
- that an email address is provided for the ''Send alerts to'' field in the
- Advanced Data Security server settings. This email address receives alert
- notifications when anomalous activities are detected on SQL servers.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278","type":"Microsoft.Authorization/policyDefinitions","name":"9677b740-f641-4f3c-b9c5-466005c85278"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Accounts''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Accounts''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.
Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"}'
headers:
cache-control:
- no-cache
content-length:
- - '1167'
+ - '2647'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:40 GMT
+ - Fri, 06 Dec 2019 22:13:10 GMT
expires:
- '-1'
pragma:
@@ -21312,16 +34788,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''97646672-5efa-4622-9b54-740270ad60bf'' could not be found."}}'
+ ''b889a06c-ec72-4b03-910a-cb169ee18721'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21330,7 +34806,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:41 GMT
+ - Fri, 06 Dec 2019 22:13:11 GMT
expires:
- '-1'
pragma:
@@ -21356,31 +34832,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Adminstrative Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Adminstrative Templates - MSS (Legacy)''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf","type":"Mi
crosoft.Authorization/policyDefinitions","name":"97646672-5efa-4622-9b54-740270ad60bf"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Logic
+ Apps to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Logic Apps to stream to a regional Log Analytics
+ workspace when any Logic Apps which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Logic/workflows/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"WorkflowRuntime","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721","type":"Microsoft.Authorization/policyDefinitions","name":"b889a06c-ec72-4b03-910a-cb169ee18721"}'
headers:
cache-control:
- no-cache
content-length:
- - '2677'
+ - '3706'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:41 GMT
+ - Fri, 06 Dec 2019 22:13:12 GMT
expires:
- '-1'
pragma:
@@ -21410,16 +34894,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''97b595c8-fd10-400e-8543-28e2b9138b13'' could not be found."}}'
+ ''ba12366f-f9a6-42b8-9d98-157d0b1a837b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21428,7 +34912,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:41 GMT
+ - Fri, 06 Dec 2019 22:13:14 GMT
expires:
- '-1'
pragma:
@@ -21454,48 +34938,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Policy Change''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Policy Change''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditAuthenticationPolicyChange":{"type":"String","metadata":{"displayName":"Audit
- Authentication Policy Change","description":"Specifies whether audit events
- are generated when changes are made to authentication policy. This setting
- is useful for tracking changes in domain-level and forest-level trust and
- privileges that are granted to user accounts or groups."},"allowedValues":["No
- Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"},"AuditAuthorizationPolicyChange":{"type":"String","metadata":{"displayName":"Audit
- Authorization Policy Change","description":"Specifies whether audit events
- are generated for assignment and removal of user rights in user right policies,
- changes in security token object permission, resource attributes changes and
- Central Access Policy changes for file system objects."},"allowedValues":["No
- Auditing","Success","Failure","Success and Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/
guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit
- Authentication Policy Change;ExpectedValue'', ''='', parameters(''AuditAuthenticationPolicyChange''),
- '','', ''Audit Authorization Policy Change;ExpectedValue'', ''='', parameters(''AuditAuthorizationPolicyChange'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPolicyChange"},"AuditAuthenticationPolicyChange":{"value":"[parameters(''AuditAuthenticationPolicyChange'')]"},"AuditAuthorizationPolicyChange":{"value":"[parameters(''AuditAuthorizationPolicyChange'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditAuthenticationPolicyChange":{"type":"string"},"AuditAuthorizationPolicyChange":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
- Authentication Policy Change;ExpectedValue","value":"[parameters(''AuditAuthenticationPolicyChange'')]"},{"name":"Audit
- Authorization Policy Change;ExpectedValue","value":"[parameters(''AuditAuthorizationPolicyChange'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13","type":"Microsoft.Authorization/policyDefinitions","name":"97b595c8-fd10-400e-8543-28e2b9138b13"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Recovery console''. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"}'
headers:
cache-control:
- no-cache
content-length:
- - '6247'
+ - '2670'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:41 GMT
+ - Fri, 06 Dec 2019 22:13:15 GMT
expires:
- '-1'
pragma:
@@ -21525,16 +34992,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''983211ba-f348-4758-983b-21fa29294869'' could not be found."}}'
+ ''bbcdd8fa-b600-4ee3-85b8-d184e3339652'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21543,7 +35010,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:42 GMT
+ - Fri, 06 Dec 2019 22:13:18 GMT
expires:
- '-1'
pragma:
@@ -21569,27 +35036,67 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation only in United
- States data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Central US, East US, East
- US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Microsoft Network Client''. It also creates a system-assigned managed identity
+ and deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"Microsoft
+ network client: Digitally sign communications (always)","description":"Specifies
+ whether packet signing is required by the SMB client component."},"defaultValue":"1"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"String","metadata":{"displayName":"Microsoft
+ network client: Send unencrypted password to third-party SMB servers","description":"Specifies
+ whether the SMB redirector will send plaintext passwords during authentication
+ to third-party SMB servers that do not support password encryption. It is
+ recommended that you disable this policy setting unless there is a strong
+ business case to enable it."},"defaultValue":"0"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"type":"String","metadata":{"displayName":"Microsoft
+ network server: Amount of idle time required before suspending session","description":"Specifies
+ the amount of continuous idle time that must pass in an SMB session before
+ the session is suspended because of inactivity. The format of the value is
+ two integers separated by a comma, denoting an inclusive range."},"defaultValue":"1,15"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"Microsoft
+ network server: Digitally sign communications (always)","description":"Specifies
+ whether packet signing is required by the SMB server component."},"defaultValue":"1"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"type":"String","metadata":{"displayName":"Microsoft
+ network server: Disconnect clients when logon hours expire","description":"Specifies
+ whether to disconnect users who are connected to the local computer outside
+ their user account''s valid logon hours. This setting affects the Server Message
+ Block (SMB) component. If you enable this policy setting you should also enable
+ ''Network security: Force logoff when logon hours expire''"},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfigurat
ion/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Microsoft
+ network client: Digitally sign communications (always);ExpectedValue'', ''='',
+ parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways''), '','',
+ ''Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue'',
+ ''='', parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers''),
+ '','', ''Microsoft network server: Amount of idle time required before suspending
+ session;ExpectedValue'', ''='', parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession''),
+ '','', ''Microsoft network server: Digitally sign communications (always);ExpectedValue'',
+ ''='', parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways''),
+ '','', ''Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue'',
+ ''='', parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient"},"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"type":"string"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"string"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"type":"string"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"type":"string"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Microsoft
+ network client: Digitally sign communications (always);ExpectedValue","value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},{"name":"Microsoft
+ network client: Send unencrypted password to third-party SMB servers;ExpectedValue","value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},{"name":"Microsoft
+ network server: Amount of idle time required before suspending session;ExpectedValue","value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},{"name":"Microsoft
+ network server: Digitally sign communications (always);ExpectedValue","value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},{"name":"Microsoft
+ network server: Disconnect clients when logon hours expire;ExpectedValue","value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652","type":"Microsoft.Authorization/policyDefinitions","name":"bbcdd8fa-b600-4ee3-85b8-d184e3339652"}'
headers:
cache-control:
- no-cache
content-length:
- - '697'
+ - '9604'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:18:42 GMT
+ - Fri, 06 Dec 2019 22:13:19 GMT
expires:
- '-1'
pragma:
@@ -21619,16 +35126,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''985285b7-b97a-419c-8d48-c88cc934c8d8'' could not be found."}}'
+ ''bc0378bb-d7ab-4614-a0f6-5a6e3f02d644'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21637,7 +35144,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:23 GMT
+ - Fri, 06 Dec 2019 22:13:20 GMT
expires:
- '-1'
pragma:
@@ -21663,50 +35170,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Administrative Templates - Network''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Administrative Templates
- - Network''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"EnableInsecureGuestLogons":{"type":"String","metadata":{"displayName":"Enable
- insecure guest logons","description":"Specifies whether the SMB client will
- allow insecure guest logons to an SMB server."},"defaultValue":"0"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"String","metadata":{"displayName":"Allow
- simultaneous connections to the Internet or a Windows Domain","description":"Specify
- whether to prevent computers from connecting to both a domain based network
- and a non-domain based network at the same time. A value of 0 allows simultaneous
- connections, and a value of 1 blocks them."},"defaultValue":"1"},"TurnOffMulticastNameResolution":{"type":"String","metadata":{"displayName":"Turn
- off multicast name resolution","description":"Specifies whether LLMNR, a secondary
- name resolution protocol that transmits using multicast over a local subnet
- link on a single subnet, is enabled."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesNetwork","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignm
ents/parameterHash","equals":"[base64(concat(''Enable
- insecure guest logons;ExpectedValue'', ''='', parameters(''EnableInsecureGuestLogons''),
- '','', ''Minimize the number of simultaneous connections to the Internet or
- a Windows Domain;ExpectedValue'', ''='', parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain''),
- '','', ''Turn off multicast name resolution;ExpectedValue'', ''='', parameters(''TurnOffMulticastNameResolution'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesNetwork"},"EnableInsecureGuestLogons":{"value":"[parameters(''EnableInsecureGuestLogons'')]"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},"TurnOffMulticastNameResolution":{"value":"[parameters(''TurnOffMulticastNameResolution'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"EnableInsecureGuestLogons":{"type":"string"},"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain":{"type":"string"},"TurnOffMulticastNameResolution":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Enable
- insecure guest logons;ExpectedValue","value":"[parameters(''EnableInsecureGuestLogons'')]"},{"name":"Minimize
- the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue","value":"[parameters(''AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'')]"},{"name":"Turn
- off multicast name resolution;ExpectedValue","value":"[parameters(''TurnOffMulticastNameResolution'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8","type":"Microsoft.Authorization/policyDefinitions","name":"985285b7-b97a-419c-8d48-c88cc934c8d8"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
+ that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported Python version for the latest security classes. Using
+ older classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"}'
headers:
cache-control:
- no-cache
content-length:
- - '6798'
+ - '1207'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:23 GMT
+ - Fri, 06 Dec 2019 22:13:21 GMT
expires:
- '-1'
pragma:
@@ -21736,16 +35222,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9a7c7a7d-49e5-4213-bea8-6a502b6272e0'' could not be found."}}'
+ ''bc87d811-4a9b-47cc-ae54-0a41abda7768'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21754,7 +35240,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:23 GMT
+ - Fri, 06 Dec 2019 22:13:23 GMT
expires:
- '-1'
pragma:
@@ -21780,40 +35266,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Azure
- SQL Database to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
- the diagnostic settings for Azure SQL Database to stream to a regional Event
- Hub on any Azure SQL Database which is missing this diagnostic settings is
- created or updated.","metadata":{"category":"SQL"},"parameters":{"profileName":{"type":"String","metadata":{"displayName":"Profile
- name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
- Hub Authorization Rule Id","description":"The Event Hub authorization rule
- Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
- namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
- group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
- rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
- metrics","description":"Whether to enable metrics stream to the Event Hub
- - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
- logs","description":"Whether to enable logs stream to the Event Hub - True
- or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.Sql/servers/databases/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''fullName''),
- ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"QueryStoreRuntimeStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"QueryStoreWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Errors","enabled":"[parameters(''logsEnabled'')]"},{"category":"DatabaseWaitStatistics","enabled":"[parameters(''logsEnabled'')]"},{"category":"Blocks","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLInsights","enabled":"[parameters(''logsEnabled'')]"},{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"SQLSecurityAuditEvents","enabled":"[parameters(''logsEnabled'')]"},{"category":"Timeouts","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutomaticTuning","enabled":"[parameters(''logsEnabled'')]"},{"category":"Deadlocks","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''fullName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"fullName":{"value":"[field(''fullName'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0","type":"Microsoft.Authorization/policyDefinitions","name":"9a7c7a7d-49e5-4213-bea8-6a502b6272e0"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''System Audit Policies - Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - Account Logon''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"}'
headers:
cache-control:
- no-cache
content-length:
- - '4307'
+ - '2675'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:23 GMT
+ - Fri, 06 Dec 2019 22:13:24 GMT
expires:
- '-1'
pragma:
@@ -21843,16 +35320,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9b597639-28e4-48eb-b506-56b05d366257'' could not be found."}}'
+ ''bd352bd5-2853-4985-bf0d-73806b4a5744'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21861,7 +35338,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:24 GMT
+ - Fri, 06 Dec 2019 22:13:26 GMT
expires:
- '-1'
pragma:
@@ -21887,28 +35364,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Microsoft IaaSAntimalware extension should
- be deployed on Windows servers","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy audits any Windows server VM without Microsoft IaaSAntimalware extension
- deployed.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk"]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257","type":"Microsoft.Authorization/policyDefinitions","name":"9b597639-28e4-48eb-b506-56b05d366257"}'
+ string: '{"properties":{"displayName":"[Preview]: IP Forwarding on your virtual
+ machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
+ IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
+ addressed to other destinations. IP forwarding is rarely required (e.g., when
+ using the VM as a network virtual appliance), and therefore, this should be
+ reviewed by the network security team.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"disableIPForwarding","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["Monitored","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","type":"Microsoft.Authorization/policyDefinitions","name":"bd352bd5-2853-4985-bf0d-73806b4a5744"}'
headers:
cache-control:
- no-cache
content-length:
- - '1908'
+ - '1287'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:24 GMT
+ - Fri, 06 Dec 2019 22:13:27 GMT
expires:
- '-1'
pragma:
@@ -21938,16 +35417,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9bfe3727-0a17-471f-a2fe-eddd6b668745'' could not be found."}}'
+ ''bda18df3-5e41-4709-add9-2554ce68c966'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -21956,7 +35435,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:24 GMT
+ - Fri, 06 Dec 2019 22:13:28 GMT
expires:
- '-1'
pragma:
@@ -21982,29 +35461,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
- that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported Java version for the latest security classes. Using older
- classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745","type":"Microsoft.Authorization/policyDefinitions","name":"9bfe3727-0a17-471f-a2fe-eddd6b668745"}'
+ string: '{"properties":{"displayName":"Advanced Threat Protection types should
+ be set to ''All'' in SQL managed instance Advanced Data Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
+ is recommended to enable all Advanced Threat Protection types on your SQL
+ servers. Enabling all types protects against SQL injection, database vulnerabilities,
+ and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","type":"Microsoft.Authorization/policyDefinitions","name":"bda18df3-5e41-4709-add9-2554ce68c966"}'
headers:
cache-control:
- no-cache
content-length:
- - '1201'
+ - '1174'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:24 GMT
+ - Fri, 06 Dec 2019 22:13:30 GMT
expires:
- '-1'
pragma:
@@ -22034,16 +35513,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9daedab3-fb2d-461e-b861-71790eead4f6'' could not be found."}}'
+ ''bde62c94-ccca-4821-a815-92c1d31a76de'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22052,7 +35531,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:25 GMT
+ - Fri, 06 Dec 2019 22:13:32 GMT
expires:
- '-1'
pragma:
@@ -22078,30 +35557,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Access through Internet facing endpoint
- should be restricted","policyType":"BuiltIn","mode":"All","description":"Azure
- Security center has identified some of your Network Security Groups'' inbound
- rules to be too permissive. Inbound rules should not allow access from ''Any''
- or ''Internet'' ranges. This can potentially enable attackers to easily target
- your resources.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs in
+ which the Administrators group contains any of the specified members","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines in which the Administrators group contains
+ any of the specified members. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceS
tatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","type":"Microsoft.Authorization/policyDefinitions","name":"bde62c94-ccca-4821-a815-92c1d31a76de"}'
headers:
cache-control:
- no-cache
content-length:
- - '1232'
+ - '2796'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:25 GMT
+ - Fri, 06 Dec 2019 22:13:33 GMT
expires:
- '-1'
pragma:
@@ -22131,16 +35611,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9ea02ca2-71db-412d-8b00-7c7ca9fcd32d'' could not be found."}}'
+ ''be0a7681-bed4-48dc-9ff3-f0171ee170b6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22149,7 +35629,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:25 GMT
+ - Fri, 06 Dec 2019 22:13:35 GMT
expires:
- '-1'
pragma:
@@ -22175,31 +35655,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Append tag and its value from the resource
- group","policyType":"BuiltIn","mode":"Indexed","description":"Appends the
- specified tag with its value from the resource group when any resource which
- is missing this tag is created or updated. Does not modify the tags of resources
- created before this policy was applied until those resources are changed.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
- Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['',
- parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d","type":"Microsoft.Authorization/policyDefinitions","name":"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
+ that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported Java version for the latest security classes. Using older
+ classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"}'
headers:
cache-control:
- no-cache
content-length:
- - '1078'
+ - '1287'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:25 GMT
+ - Fri, 06 Dec 2019 22:13:36 GMT
expires:
- '-1'
pragma:
@@ -22229,16 +35707,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''9f658460-46b7-43af-8565-94fc0662be38'' could not be found."}}'
+ ''bef3f64c-5290-43b7-85b0-9b254eef4c47'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22247,7 +35725,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:25 GMT
+ - Fri, 06 Dec 2019 22:13:37 GMT
expires:
- '-1'
pragma:
@@ -22273,30 +35751,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs that
- are not set to the specified time zone","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that are not set to the specified time zone.
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Com
pliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38","type":"Microsoft.Authorization/policyDefinitions","name":"9f658460-46b7-43af-8565-94fc0662be38"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Key Vault
+ to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Log Analytics
+ workspace when any Key Vault which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47","type":"Microsoft.Authorization/policyDefinitions","name":"bef3f64c-5290-43b7-85b0-9b254eef4c47"}'
headers:
cache-control:
- no-cache
content-length:
- - '2720'
+ - '3698'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:26 GMT
+ - Fri, 06 Dec 2019 22:13:38 GMT
expires:
- '-1'
pragma:
@@ -22326,16 +35813,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a030a57e-4639-4e8f-ade9-a92f33afe7ee'' could not be found."}}'
+ ''bf045164-79ba-4215-8f95-f8048dc1780b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22344,7 +35831,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:26 GMT
+ - Fri, 06 Dec 2019 22:13:40 GMT
expires:
- '-1'
pragma:
@@ -22370,31 +35857,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs on which the Log Analytics agent is not connected as expected","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines on which the Log Analytics agent is not
- connected to the specified workspaces. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsLogAnalyticsAgentConnection","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceSt
atus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee","type":"Microsoft.Authorization/policyDefinitions","name":"a030a57e-4639-4e8f-ade9-a92f33afe7ee"}'
+ string: '{"properties":{"displayName":"Geo-redundant storage should be enabled
+ for Storage Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Storage Account with geo-redundant storage not enabled.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":["Standard_GRS","Standard_RAGRS","Standard_GZRS","Standard_RAGZRS"]}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b","type":"Microsoft.Authorization/policyDefinitions","name":"bf045164-79ba-4215-8f95-f8048dc1780b"}'
headers:
cache-control:
- no-cache
content-length:
- - '2802'
+ - '929'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:26 GMT
+ - Fri, 06 Dec 2019 22:13:41 GMT
expires:
- '-1'
pragma:
@@ -22424,16 +35907,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a08ec900-254a-4555-9bf5-e42af04b5c5c'' could not be found."}}'
+ ''c04255ee-1b9f-42c1-abaa-bf1553f79930'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22442,7 +35925,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:27 GMT
+ - Fri, 06 Dec 2019 22:13:43 GMT
expires:
- '-1'
pragma:
@@ -22468,30 +35951,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allowed resource types","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy enables you to specify the resource types that your organization can
- deploy. Only resource types that support ''tags'' and ''location'' will be
- affected by this policy. To restrict all resources please duplicate this policy
- and change the ''mode'' to ''All''.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The
- list of resource types that can be deployed.","displayName":"Allowed resource
- types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Logon-Logoff''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditGroupMembership":{"type":"String","metadata":{"displayName":"Audit
+ Group Membership","description":"Specifies whether audit events are generated
+ when group memberships are enumerated on the client computer."},"allowedValues":["No
+ Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guest
ConfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit
+ Group Membership;ExpectedValue'', ''='', parameters(''AuditGroupMembership'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesLogonLogoff"},"AuditGroupMembership":{"value":"[parameters(''AuditGroupMembership'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditGroupMembership":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
+ Group Membership;ExpectedValue","value":"[parameters(''AuditGroupMembership'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930","type":"Microsoft.Authorization/policyDefinitions","name":"c04255ee-1b9f-42c1-abaa-bf1553f79930"}'
headers:
cache-control:
- no-cache
content-length:
- - '930'
+ - '5170'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:28 GMT
+ - Fri, 06 Dec 2019 22:13:44 GMT
expires:
- '-1'
pragma:
@@ -22521,16 +36013,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a1181c5f-672a-477a-979a-7d58aa086233'' could not be found."}}'
+ ''c0e996f8-39cf-4af9-9f45-83fbde810432'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22539,7 +36031,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:27 GMT
+ - Fri, 06 Dec 2019 22:13:46 GMT
expires:
- '-1'
pragma:
@@ -22565,29 +36057,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Security Center standard pricing tier
- should be selected","policyType":"BuiltIn","mode":"All","description":"The
- standard pricing tier enables threat detection for networks and virtual machines,
- providing threat intelligence, anomaly detection, and behavior analytics in
- Azure Security Center","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Security/pricings"},{"field":"Microsoft.Security/pricings/pricingTier","exists":"true"},{"field":"Microsoft.Security/pricings/pricingTier","notEquals":"Standard"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233","type":"Microsoft.Authorization/policyDefinitions","name":"a1181c5f-672a-477a-979a-7d58aa086233"}'
+ string: '{"properties":{"displayName":"Only approved VM extensions should be
+ installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
+ list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
+ extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"}'
headers:
cache-control:
- no-cache
content-length:
- - '1035'
+ - '1124'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:27 GMT
+ - Fri, 06 Dec 2019 22:13:47 GMT
expires:
- '-1'
pragma:
@@ -22617,16 +36109,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a1817ec0-a368-432a-8057-8371e17ac6ee'' could not be found."}}'
+ ''c15c281f-ea5c-44cd-90b8-fc3c14d13f0c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22635,7 +36127,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:28 GMT
+ - Fri, 06 Dec 2019 22:13:49 GMT
expires:
- '-1'
pragma:
@@ -22661,31 +36153,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"All authorization rules except RootManageSharedAccessKey
- should be removed from Service Bus namespace","policyType":"BuiltIn","mode":"All","description":"Service
- Bus clients should not use a namespace level access policy that provides access
- to all queues and topics in a namespace. To align with the least privilege
- security model, you shoud create access policies at the entity level for queues
- and topics to provide access to only the specific entity","metadata":{"category":"Service
- Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"}'
+ string: '{"properties":{"displayName":"Deploy associations for a custom provider","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ an association resource that associates selected resource types to the specified
+ custom provider. This policy deployment does not support nested resource types.","metadata":{"category":"Custom
+ Provider"},"parameters":{"targetCustomProviderId":{"type":"String","metadata":{"displayName":"Custom
+ provider Id","description":"Resource ID of the Custom provider to which resources
+ need to be associated."}},"resourceTypesToAssociate":{"type":"Array","metadata":{"displayName":"Resource
+ types to associate","description":"The list of resource types to be associated
+ to the custom provider.","strongType":"resourceTypes"}},"associationNamePrefix":{"type":"String","metadata":{"displayName":"Association
+ name prefix","description":"Prefix to be added to the name of the association
+ resource being created."},"defaultValue":"DeployedByPolicy"}},"policyRule":{"if":{"field":"type","in":"[parameters(''resourceTypesToAssociate'')]"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.CustomProviders/Associations","name":"[concat(parameters(''associationNamePrefix''),
+ ''-'', uniqueString(parameters(''targetCustomProviderId'')))]","roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"associatedResourceName":{"type":"string"},"resourceTypesToAssociate":{"type":"string"},"targetCustomProviderId":{"type":"string"},"associationNamePrefix":{"type":"string"}},"variables":{"resourceType":"[concat(parameters(''resourceTypesToAssociate''),
+ ''/providers/associations'')]","resourceName":"[concat(parameters(''associatedResourceName''),
+ ''/microsoft.customproviders/'', parameters(''associationNamePrefix''), ''-'',
+ uniqueString(parameters(''targetCustomProviderId'')))]"},"resources":[{"type":"Microsoft.Resources/deployments","apiVersion":"2017-05-10","name":"[concat(deployment().Name,
+ ''-2'')]","properties":{"mode":"Incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"type":"[variables(''resourceType'')]","name":"[variables(''resourceName'')]","apiVersion":"2018-09-01-preview","properties":{"targetResourceId":"[parameters(''targetCustomProviderId'')]"}}]}}}]},"parameters":{"resourceTypesToAssociate":{"value":"[field(''type'')]"},"associatedResourceName":{"value":"[field(''name'')]"},"targetCustomProviderId":{"value":"[parameters(''targetCustomProviderId'')]"},"associationNamePrefix":{"value":"[parameters(''associationNamePrefix'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c","type":"Microsoft.Authorization/policyDefinitions","name":"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1168'
+ - '3007'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:28 GMT
+ - Fri, 06 Dec 2019 22:13:50 GMT
expires:
- '-1'
pragma:
@@ -22715,16 +36214,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a1e8dda3-9fd2-4835-aec3-0e55531fde33'' could not be found."}}'
+ ''c1b9cbed-08e3-427d-b9ce-7c535b1e9b94'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22733,7 +36232,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:29 GMT
+ - Fri, 06 Dec 2019 22:13:52 GMT
expires:
- '-1'
pragma:
@@ -22759,31 +36258,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Administrative Templates - System''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Administrative Templates - System''. For more information on Guest
- Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesSystem","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33","type":"Micr
osoft.Authorization/policyDefinitions","name":"a1e8dda3-9fd2-4835-aec3-0e55531fde33"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ only in Asia data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: East Asia, Southeast Asia,
+ West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"}'
headers:
cache-control:
- no-cache
content-length:
- - '2665'
+ - '734'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:29 GMT
+ - Fri, 06 Dec 2019 22:13:53 GMT
expires:
- '-1'
pragma:
@@ -22813,16 +36308,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a29ee95c-0395-4515-9851-cc04ffe82a91'' could not be found."}}'
+ ''c1e289c0-ffad-475d-a924-adc058765d65'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22831,7 +36326,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:29 GMT
+ - Fri, 06 Dec 2019 22:13:55 GMT
expires:
- '-1'
pragma:
@@ -22857,30 +36352,42 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs that
- are not joined to the specified domain","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that are not joined to the specified domain.
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDomainMembership","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equa
ls":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91","type":"Microsoft.Authorization/policyDefinitions","name":"a29ee95c-0395-4515-9851-cc04ffe82a91"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Account Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Account Logon''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditCredentialValidation":{"type":"String","metadata":{"displayName":"Audit
+ Credential Validation","description":"Specifies whether audit events are generated
+ when credentials are submitted for a user account logon request. This setting
+ is especially useful for monitoring unsuccessful attempts, to find brute-force
+ attacks, account enumeration, and potential account compromise events on domain
+ controllers."},"allowedValues":["No Auditing","Success","Failure","Success
+ and Failure"],"defaultValue":"Success and Failure"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/p
arameterHash","equals":"[base64(concat(''Audit
+ Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
+ Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"}'
headers:
cache-control:
- no-cache
content-length:
- - '2728'
+ - '5420'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:30 GMT
+ - Fri, 06 Dec 2019 22:13:56 GMT
expires:
- '-1'
pragma:
@@ -22910,16 +36417,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a451c1ef-c6ca-483d-87ed-f49761e3ffb5'' could not be found."}}'
+ ''c21f7060-c148-41cf-a68b-0ab3e14c764c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -22928,7 +36435,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:30 GMT
+ - Fri, 06 Dec 2019 22:13:58 GMT
expires:
- '-1'
pragma:
@@ -22954,28 +36461,91 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Audit usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit
- built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC
- roles, which are error prone. Using custom roles is treated as an exception
- and requires a rigorous review and threat modeling","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","type":"Microsoft.Authorization/policyDefinitions","name":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that are not set to the specified time zone. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
+ zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
+ International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
+ Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
+ Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
+ Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
+ Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
+ (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
+ & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
+ Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
+ Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
+ Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
+ and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
+ Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
+ Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
+ Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
+ Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
+ Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
+ Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
+ Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
+ Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
+ Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
+ Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
+ Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
+ West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
+ Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
+ Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
+ Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
+ Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
+ Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
+ St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
+ Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
+ Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
+ Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
+ Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
+ Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
+ Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
+ Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
+ Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
+ Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
+ Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
+ Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
+ Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
+ Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
+ Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
+ Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
+ Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
+ Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
+ Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
+ Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
+ Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
+ Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
+ Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"e
xistenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
+ ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"}'
headers:
cache-control:
- no-cache
content-length:
- - '975'
+ - '10061'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:30 GMT
+ - Fri, 06 Dec 2019 22:13:59 GMT
expires:
- '-1'
pragma:
@@ -23005,16 +36575,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a4af4a39-4135-47fb-b175-47fbdf85311d'' could not be found."}}'
+ ''c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23023,7 +36593,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:30 GMT
+ - Fri, 06 Dec 2019 22:14:01 GMT
expires:
- '-1'
pragma:
@@ -23049,28 +36619,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Web Application should only be accessible
- over HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use of
- HTTPS ensures server/service authentication and protects data in transit from
- network layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d","type":"Microsoft.Authorization/policyDefinitions","name":"a4af4a39-4135-47fb-b175-47fbdf85311d"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs on
+ which the specified services are not installed and ''Running''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines on which the specified services are not
+ installed and ''Running''. For more information on Guest Configuration policies,
+ please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfi
guration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"}'
headers:
cache-control:
- no-cache
content-length:
- - '908'
+ - '2765'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:30 GMT
+ - Fri, 06 Dec 2019 22:14:02 GMT
expires:
- '-1'
pragma:
@@ -23100,16 +36672,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9'' could not be found."}}'
+ ''c2e7ca55-f62c-49b2-89a4-d41eb661d2f0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23118,7 +36690,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:31 GMT
+ - Fri, 06 Dec 2019 22:14:04 GMT
expires:
- '-1'
pragma:
@@ -23144,31 +36716,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Auditing should be enabled on advanced
- data security settings on SQL Server","policyType":"BuiltIn","mode":"Indexed","description":"Auditing
- tracks database events and writes them to an audit log in the Azure storage
- account. It also helps to maintain regulatory compliance, understand database
- activity, and gain insight into discrepancies and anomalies that could indicate
- business concerns or suspected security violations.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired
- Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"}'
+ string: '{"properties":{"displayName":"Ensure that ''.Net Framework'' version
+ is the latest, if used as a part of the API app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for .Net Framework software either due to security
+ flaws or to include additional functionality. Using the latest .Net framework
+ version for web apps is recommended in order to to take advantage of security
+ fixes, if any, and/or new functionalities of the latest version.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.netFrameworkVersion","in":["v3.0","v4.0"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0","type":"Microsoft.Authorization/policyDefinitions","name":"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0"}'
headers:
cache-control:
- no-cache
content-length:
- - '1346'
+ - '1261'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:31 GMT
+ - Fri, 06 Dec 2019 22:14:05 GMT
expires:
- '-1'
pragma:
@@ -23198,16 +36770,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a7aca53f-2ed4-4466-a25e-0b45ade68efd'' could not be found."}}'
+ ''c3f317a7-a95c-4547-b7e7-11017ebdf2fe'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23216,7 +36788,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:32 GMT
+ - Fri, 06 Dec 2019 22:14:07 GMT
expires:
- '-1'
pragma:
@@ -23242,28 +36814,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"DDoS Protection Standard should be enabled","policyType":"BuiltIn","mode":"All","description":"DDoS
- protection standard should be enabled for all virtual networks with a subnet
- that is part of an application gateway with a public IP.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"microsoft.network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableDDoSProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd","type":"Microsoft.Authorization/policyDefinitions","name":"a7aca53f-2ed4-4466-a25e-0b45ade68efd"}'
+ string: '{"properties":{"displayName":"System updates on virtual machine scale
+ sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ whether there are any missing system security updates and critical updates
+ that should be installed to ensure that your Windows and Linux virtual machine
+ scale sets are secure.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"SystemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","type":"Microsoft.Authorization/policyDefinitions","name":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe"}'
headers:
cache-control:
- no-cache
content-length:
- - '1053'
+ - '1124'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:32 GMT
+ - Fri, 06 Dec 2019 22:14:08 GMT
expires:
- '-1'
pragma:
@@ -23293,16 +36866,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a7ff3161-0087-490a-9ad9-ad6217f4f43a'' could not be found."}}'
+ ''c40c9087-1981-4e73-9f53-39743eda9d05'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23311,7 +36884,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:32 GMT
+ - Fri, 06 Dec 2019 22:14:09 GMT
expires:
- '-1'
pragma:
@@ -23337,27 +36910,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Require encryption on Data Lake Store
- accounts","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data
- Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Linux
+ VMs that have accounts without passwords","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Linux virtual machines that have accounts without passwords. For
+ more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"}'
headers:
cache-control:
- no-cache
content-length:
- - '654'
+ - '3164'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:32 GMT
+ - Fri, 06 Dec 2019 22:14:11 GMT
expires:
- '-1'
pragma:
@@ -23387,16 +36963,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a8bef009-a5c9-4d0f-90d7-6018734e8a16'' could not be found."}}'
+ ''c43e4a30-77cb-48ab-a4dd-93f175c63b57'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23405,7 +36981,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:32 GMT
+ - Fri, 06 Dec 2019 22:14:13 GMT
expires:
- '-1'
pragma:
@@ -23431,30 +37007,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated] Monitor unencrypted SQL
- databases in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted
- SQL databases will be monitored by Azure Security Center as recommendations.
- This policy is deprecated and replaced by the following policy: Transparent
- Data Encryption on SQL databases should be enabled''","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"}'
+ string: '{"properties":{"displayName":"Microsoft Antimalware for Azure should
+ be configured to automatically update protection signatures","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows virtual machine not configured with automatic update
+ of Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"}'
headers:
cache-control:
- no-cache
content-length:
- - '1164'
+ - '1388'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:32 GMT
+ - Fri, 06 Dec 2019 22:14:14 GMT
expires:
- '-1'
pragma:
@@ -23484,16 +37058,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a9a33475-481d-4b81-9116-0bf02ffe67e8'' could not be found."}}'
+ ''c4857be7-912a-4c75-87e6-e30292bcdf78'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23502,7 +37076,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:33 GMT
+ - Fri, 06 Dec 2019 22:14:15 GMT
expires:
- '-1'
pragma:
@@ -23528,31 +37102,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Detailed Tracking''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Detailed Tracking''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesDetailedTracking","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8","type"
:"Microsoft.Authorization/policyDefinitions","name":"a9a33475-481d-4b81-9116-0bf02ffe67e8"}'
+ string: '{"properties":{"displayName":"[Preview]: Container Registry should
+ use a virtual network service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Container Registry not configured to use a virtual network
+ service endpoint.","metadata":{"category":"Network","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerRegistry/registries"},{"anyOf":[{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction","notEquals":"Deny"},{"field":"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78","type":"Microsoft.Authorization/policyDefinitions","name":"c4857be7-912a-4c75-87e6-e30292bcdf78"}'
headers:
cache-control:
- no-cache
content-length:
- - '2687'
+ - '1073'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:33 GMT
+ - Fri, 06 Dec 2019 22:14:16 GMT
expires:
- '-1'
pragma:
@@ -23582,16 +37153,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a9b99dd8-06c5-4317-8629-9d86a3c6e7d9'' could not be found."}}'
+ ''c4d441f8-f9d9-4a9e-9cef-e82117cb3eef'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23600,7 +37171,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:33 GMT
+ - Fri, 06 Dec 2019 22:14:18 GMT
expires:
- '-1'
pragma:
@@ -23626,29 +37197,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy network watcher when virtual networks
- are created","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- creates a network watcher resource in regions with virtual networks. You need
- to ensure existence of a resource group named networkWatcherRG, which will
- be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWatcher_'',
- parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"}'
+ string: '{"properties":{"displayName":"Managed identity should be used in your
+ API App","policyType":"BuiltIn","mode":"Indexed","description":"Use a managed
+ identity for enhanced authentication security","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef","type":"Microsoft.Authorization/policyDefinitions","name":"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef"}'
headers:
cache-control:
- no-cache
content-length:
- - '1466'
+ - '966'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:33 GMT
+ - Fri, 06 Dec 2019 22:14:19 GMT
expires:
- '-1'
pragma:
@@ -23678,16 +37248,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''aa633080-8b72-40c4-a2d7-d00c03e80bed'' could not be found."}}'
+ ''c5fbc59e-fb6f-494f-81e2-d99a671bdaa8'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23696,7 +37266,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:34 GMT
+ - Fri, 06 Dec 2019 22:14:21 GMT
expires:
- '-1'
pragma:
@@ -23722,29 +37292,65 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"MFA should be enabled on accounts with
- owner permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
- Authentication (MFA) should be enabled for all subscription accounts with
- owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that contain certificates expiring within the specified number
+ of days","policyType":"BuiltIn","mode":"Indexed","description":"This policy
+ creates a Guest Configuration assignment to audit Windows virtual machines
+ that contain certificates expiring within the specified number of days. It
+ also creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"Certificate
+ store path","description":"The path to the certificate store containing the
+ certificates to check the expiration dates of. Default value is ''Cert:''
+ which is the root certificate store path, so all certificates on the machine
+ will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'',
+ ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"Expiration
+ limit in days","description":"An integer indicating the number of days within
+ which to check for certificates that are expiring. For example, if this value
+ is 30, any certificate expiring within the next 30 days will cause this policy
+ to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints to include","description":"A semicolon-separated list of certificate
+ thumbprints to check under the specified path. If a value is not specified,
+ all certificates under the certificate store path will be checked. If a value
+ is specified, no certificates other than those with the thumbprints specified
+ will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"CertificateThumbprintsToExclude":{"type":"String","metadata":{"displayName":"Certificate
+ thumbprints to exclude","description":"A semicolon-separated list of certificate
+ thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"IncludeExpiredCertificates":{"type":"String","metadata":{"displayName":"Include
+ expired certificates","description":"Must be ''true'' or ''false''. True indicates
+ that any found certificates that have already expired will also make this
+ policy non-compliant. False indicates that certificates that have expired
+ will be be ignored."},"allowedValues":["true","false"],"defaultValue":"false"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"CertificateExpiration","roleDefinitionIds":["/providers/microsoft.authori
zation/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateStorePath'',
+ ''='', parameters(''CertificateStorePath''), '','', ''[CertificateStore]CertificateStore1;ExpirationLimitInDays'',
+ ''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
+ ''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
+ ''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
+ ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"}'
headers:
cache-control:
- no-cache
content-length:
- - '1108'
+ - '9930'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:34 GMT
+ - Fri, 06 Dec 2019 22:14:22 GMT
expires:
- '-1'
pragma:
@@ -23774,16 +37380,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''abcc6037-1fc4-47f6-aac5-89706589be24'' could not be found."}}'
+ ''c8343d2f-fdc9-4a97-b76f-fc71d1163bfc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23792,7 +37398,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:35 GMT
+ - Fri, 06 Dec 2019 22:14:24 GMT
expires:
- '-1'
pragma:
@@ -23818,28 +37424,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Automatic provisioning of security monitoring
- agent","policyType":"BuiltIn","mode":"All","description":"Installs security
- agent on VMs for advanced security alerts and preventions in Azure Security
- Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"}'
+ string: '{"properties":{"displayName":"Email notifications to admins and subscription
+ owners should be enabled in SQL server advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ that ''email notification to admins and subscription owners'' is enabled in
+ the SQL server advanced threat protection settings. This ensures that any
+ detections of anomalous activities on SQL server are reported as soon as possible
+ to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"}'
headers:
cache-control:
- no-cache
content-length:
- - '928'
+ - '1210'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:35 GMT
+ - Fri, 06 Dec 2019 22:14:25 GMT
expires:
- '-1'
pragma:
@@ -23869,16 +37477,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9'' could not be found."}}'
+ ''c84e5349-db6d-4769-805e-e14037dab9b5'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23887,7 +37495,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:35 GMT
+ - Fri, 06 Dec 2019 22:14:27 GMT
expires:
- '-1'
pragma:
@@ -23913,27 +37521,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Advanced data security should be enabled
- on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- SQL servers without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Batch
+ Account to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Log Analytics
+ workspace when any Batch Account which is missing this diagnostic settings
+ is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5","type":"Microsoft.Authorization/policyDefinitions","name":"c84e5349-db6d-4769-805e-e14037dab9b5"}'
headers:
cache-control:
- no-cache
content-length:
- - '941'
+ - '3718'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:35 GMT
+ - Fri, 06 Dec 2019 22:14:28 GMT
expires:
- '-1'
pragma:
@@ -23963,16 +37583,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9'' could not be found."}}'
+ ''c85538c1-b527-4ce4-bdb4-1dabcb3fd90d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -23981,7 +37601,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:36 GMT
+ - Fri, 06 Dec 2019 22:14:30 GMT
expires:
- '-1'
pragma:
@@ -24007,27 +37627,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Advanced data security should be enabled
- on your SQL managed instances","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- SQL managed instances without Advanced Data Security","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/state","equals":"Enabled"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9","type":"Microsoft.Authorization/policyDefinitions","name":"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9"}'
+ string: '{"properties":{"displayName":"[Deprecated]: API App should only be
+ accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
+ of HTTPS ensures server/service authentication and protects data in transit
+ from network layer eavesdropping attacks.","metadata":{"category":"Security
+ Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"}'
headers:
cache-control:
- no-cache
content-length:
- - '988'
+ - '1145'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:36 GMT
+ - Fri, 06 Dec 2019 22:14:31 GMT
expires:
- '-1'
pragma:
@@ -24057,16 +37679,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ac4a19c2-fa67-49b4-8ae5-0b2e78c49457'' could not be found."}}'
+ ''c8abcef9-fc26-482f-b8db-5fa60ee4586d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24075,7 +37697,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:36 GMT
+ - Fri, 06 Dec 2019 22:14:33 GMT
expires:
- '-1'
pragma:
@@ -24101,30 +37723,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Role-Based Access Control
- (RBAC) should be used on Kubernetes Services","policyType":"BuiltIn","mode":"All","description":"To
- provide granular filtering on the actions that users can perform, use Role-Based
- Access Control (RBAC) to manage permissions in Kubernetes Service Clusters
- and configure relevant authorization policies.","metadata":{"category":"Security
- Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","exists":"false"},{"field":"Microsoft.ContainerService/managedClusters/enableRBAC","equals":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457","type":"Microsoft.Authorization/policyDefinitions","name":"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Interactive Logon''. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1147'
+ - '2673'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:36 GMT
+ - Fri, 06 Dec 2019 22:14:34 GMT
expires:
- '-1'
pragma:
@@ -24154,16 +37777,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ac7e5fc0-c029-4b12-91d4-a8500ce697f9'' could not be found."}}'
+ ''c95c74d9-38fe-4f0d-af86-0c7d626a315c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24172,7 +37795,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:37 GMT
+ - Fri, 06 Dec 2019 22:14:36 GMT
expires:
- '-1'
pragma:
@@ -24198,27 +37821,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation if ''environment''
- tag value in allowed values","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation if the ''environment'' tag is set to one of the following
- values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in Data Lake Analytics
+ should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ enabling of diagnostic logs. This enables you to recreate activity trails
+ to use for investigation purposes; when a security incident occurs or when
+ your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","type":"Microsoft.Authorization/policyDefinitions","name":"c95c74d9-38fe-4f0d-af86-0c7d626a315c"}'
headers:
cache-control:
- no-cache
content-length:
- - '664'
+ - '1799'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:37 GMT
+ - Fri, 06 Dec 2019 22:14:37 GMT
expires:
- '-1'
pragma:
@@ -24248,16 +37875,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''aeb23562-188d-47cb-80b8-551f16ef9fff'' could not be found."}}'
+ ''c961dac9-5916-42e8-8fb1-703148323994'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24266,7 +37893,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:38 GMT
+ - Fri, 06 Dec 2019 22:14:39 GMT
expires:
- '-1'
pragma:
@@ -24292,30 +37919,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Email notifications to admins and subscription
- owners should be enabled in SQL managed instance advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- that ''email notification to admins and subscription owners'' is enabled in
- the SQL managed instance advanced threat protection settings. This ensures
- that any detections of anomalous activities on SQL managed instance are reported
- as soon as possible to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff","type":"Microsoft.Authorization/policyDefinitions","name":"aeb23562-188d-47cb-80b8-551f16ef9fff"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''User Rights Assignment''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_UserRightsAssignment","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994","type":"Microsoft.Aut
horization/policyDefinitions","name":"c961dac9-5916-42e8-8fb1-703148323994"}'
headers:
cache-control:
- no-cache
content-length:
- - '1267'
+ - '2634'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:38 GMT
+ - Fri, 06 Dec 2019 22:14:40 GMT
expires:
- '-1'
pragma:
@@ -24345,16 +37973,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''af6cd1bd-1635-48cb-bde7-5b15693900b9'' could not be found."}}'
+ ''c96f3246-4382-4264-bf6b-af0b35e23c3c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24363,7 +37991,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:38 GMT
+ - Fri, 06 Dec 2019 22:14:42 GMT
expires:
- '-1'
pragma:
@@ -24389,28 +38017,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Monitor missing Endpoint Protection in
- Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers
- without an installed Endpoint Protection agent will be monitored by Azure
- Security Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"endpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","type":"Microsoft.Authorization/policyDefinitions","name":"af6cd1bd-1635-48cb-bde7-5b15693900b9"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs with a pending reboot","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with a pending reboot. It also creates a system-assigned managed identity
+ and deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsPendingReboot","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1088'
+ - '5179'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:38 GMT
+ - Fri, 06 Dec 2019 22:14:43 GMT
expires:
- '-1'
pragma:
@@ -24440,16 +38078,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''af8051bf-258b-44e2-a2bf-165330459f9d'' could not be found."}}'
+ ''c9c29499-c1d1-4195-99bd-2ec9e3a9dc89'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24458,7 +38096,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:39 GMT
+ - Fri, 06 Dec 2019 22:14:45 GMT
expires:
- '-1'
pragma:
@@ -24484,30 +38122,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated] Monitor unaudited SQL servers
- in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"SQL
- servers which don''t have SQL auditing turned on will be monitored by Azure
- Security Center as recommendations. This policy is deprecated and replaced
- by the following policy: ''Auditing should be enabled on advanced data security
- settings on SQL Server''","metadata":{"category":"Security Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Network
+ Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy automatically deploys diagnostic settings to network security groups.
+ A storage account with name ''{storagePrefixParameter}{NSGLocation}'' will
+ be automatically created.","metadata":{"category":"Monitoring"},"parameters":{"storagePrefix":{"type":"String","metadata":{"displayName":"Storage
+ Account Prefix for Regional Storage Account","description":"This prefix will
+ be combined with the network security group location to form the created storage
+ account name."}},"rgName":{"type":"String","metadata":{"displayName":"Resource
+ Group Name for Storage Account (must exist)","description":"The resource group
+ that the storage account will be created in. This resource group must already
+ exist.","strongType":"ExistingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"setbypolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"},"storagePrefix":{"type":"string"},"nsgName":{"type":"string"},"rgName":{"type":"string"}},"variables":{"storageDeployName":"[concat(''policyStorage_'',
+ uniqueString(parameters(''location''), parameters(''nsgName'')))]"},"resources":[{"type":"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings","name":"[concat(parameters(''nsgName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","dependsOn":["[variables(''storageDeployName'')]"],"properties":{"storageAccountId":"[reference(variables(''storageDeployName'')).outputs.storageAccountId.value]","logs":[{"category":"NetworkSecurityGroupEvent","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"NetworkSecurityGroupRuleCounter","enabled":true,"retentionPolicy":{"enabled":false,"days":0}}]}},{"apiVersion":"2017-05-10","name":"[variables(''storageDeployName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''rgName'')]","properties":{"mode":"incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storagePrefix":{"value":"[parameters(''storagePrefix'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"},"storagePrefix":{"type":"string"}},"resources":[{"apiVersion":"2017-06-01","type":"Microsoft.Storage/storageAccounts","name":"[concat(parameters(''storageprefix''),
+ parameters(''location''))]","sku":{"name":"Standard_LRS","tier":"Standard"},"kind":"Storage","location":"[parameters(''location'')]","tags":{"created-by":"policy"},"scale":null,"properties":{"networkAcls":{"bypass":"AzureServices","defaultAction":"Allow","ipRules":[],"virtualNetworkRules":[]},"supportsHttpsTrafficOnly":true}}],"outputs":{"storageAccountId":{"type":"string","value":"[resourceId(parameters(''rgName''),
+ ''Microsoft.Storage/storageAccounts'',concat(parameters(''storagePrefix''),
+ parameters(''location'')))]"}}}}}]},"parameters":{"location":{"value":"[field(''location'')]"},"storagePrefix":{"value":"[parameters(''storagePrefix'')]"},"rgName":{"value":"[parameters(''rgName'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","type":"Microsoft.Authorization/policyDefinitions","name":"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89"}'
headers:
cache-control:
- no-cache
content-length:
- - '1188'
+ - '3906'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:39 GMT
+ - Fri, 06 Dec 2019 22:14:46 GMT
expires:
- '-1'
pragma:
@@ -24537,16 +38183,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b02aacc0-b073-424e-8298-42b22829ee0a'' could not be found."}}'
+ ''c9d007d0-c057-4772-b18c-01e546713bcd'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24555,7 +38201,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:39 GMT
+ - Fri, 06 Dec 2019 22:14:48 GMT
expires:
- '-1'
pragma:
@@ -24581,28 +38227,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Activity log should be retained for at
- least one year","policyType":"BuiltIn","mode":"All","description":"This policy
- audits the activity log if the retention is not set for 365 days or forever
- (retention days set to 0).","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/logProfiles","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"365"}]},{"allOf":[{"field":"Microsoft.Insights/logProfiles/retentionPolicy.enabled","equals":"false"},{"field":"Microsoft.Insights/logProfiles/retentionPolicy.days","equals":"0"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a","type":"Microsoft.Authorization/policyDefinitions","name":"b02aacc0-b073-424e-8298-42b22829ee0a"}'
+ string: '{"properties":{"displayName":"Storage accounts should allow access
+ from trusted Microsoft services","policyType":"BuiltIn","mode":"Indexed","description":"Some
+ Microsoft services that interact with storage accounts operate from networks
+ that can''t be granted access through network rules. To help this type of
+ service work as intended, allow the set of trusted Microsoft services to bypass
+ the network rules. These services will then use strong authentication to access
+ the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"}'
headers:
cache-control:
- no-cache
content-length:
- - '1263'
+ - '1273'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:39 GMT
+ - Fri, 06 Dec 2019 22:14:49 GMT
expires:
- '-1'
pragma:
@@ -24632,16 +38281,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b0f33259-77d7-4c9e-aac6-3aabcfae693c'' could not be found."}}'
+ ''cb510bfd-1cba-4d9f-a230-cb0976f4bb71'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24650,7 +38299,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:39 GMT
+ - Fri, 06 Dec 2019 22:14:51 GMT
expires:
- '-1'
pragma:
@@ -24676,28 +38325,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Just-In-Time network access control should
- be applied on virtual machines","policyType":"BuiltIn","mode":"All","description":"Possible
- network Just In Time (JIT) access will be monitored by Azure Security Center
- as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"}'
+ string: '{"properties":{"displayName":"Remote debugging should be turned off
+ for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
+ debugging requires inbound ports to be opened on a web application. Remote
+ debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"}'
headers:
cache-control:
- no-cache
content-length:
- - '1046'
+ - '1021'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:39 GMT
+ - Fri, 06 Dec 2019 22:14:52 GMT
expires:
- '-1'
pragma:
@@ -24727,16 +38376,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b18175dd-c599-4c64-83ba-bb018a06d35b'' could not be found."}}'
+ ''cc7cda28-f867-4311-8497-a526129a8d19'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24745,7 +38394,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:40 GMT
+ - Fri, 06 Dec 2019 22:14:53 GMT
expires:
- '-1'
pragma:
@@ -24771,30 +38420,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Linux
- VMs that do not have the passwd file permissions set to 0644","policyType":"BuiltIn","mode":"All","description":"This
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs in
+ which the Administrators group does not contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Linux virtual machines that do not have the passwd file permissions
- set to 0644. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/im
agePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"}'
+ auditing Windows virtual machines in which the Administrators group does not
+ contain only the specified members. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","e
quals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19","type":"Microsoft.Authorization/policyDefinitions","name":"cc7cda28-f867-4311-8497-a526129a8d19"}'
headers:
cache-control:
- no-cache
content-length:
- - '3204'
+ - '2799'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:40 GMT
+ - Fri, 06 Dec 2019 22:14:55 GMT
expires:
- '-1'
pragma:
@@ -24824,16 +38474,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b278e460-7cfc-4451-8294-cccc40a940d7'' could not be found."}}'
+ ''cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24842,7 +38492,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:40 GMT
+ - Fri, 06 Dec 2019 22:14:57 GMT
expires:
- '-1'
pragma:
@@ -24868,31 +38518,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"All authorization rules except RootManageSharedAccessKey
- should be removed from Event Hub namespace","policyType":"BuiltIn","mode":"All","description":"Event
- Hub clients should not use a namespace level access policy that provides access
- to all queues and topics in a namespace. To align with the least privilege
- security model, you shoud create access policies at the entity level for queues
- and topics to provide access to only the specific entity","metadata":{"category":"Event
- Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"}'
+ string: '{"properties":{"displayName":"[Preview]: Sensitive data in your SQL
+ databases should be classified","policyType":"BuiltIn","mode":"Indexed","description":"Azure
+ Security Center monitors the data discovery and classification scan results
+ for your SQL databases and provides recommendations to classify the sensitive
+ data in your databases for better monitoring and security","metadata":{"category":"Security
+ Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedInstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlDataClassification","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","type":"Microsoft.Authorization/policyDefinitions","name":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349"}'
headers:
cache-control:
- no-cache
content-length:
- - '1160'
+ - '1217'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:40 GMT
+ - Fri, 06 Dec 2019 22:14:59 GMT
expires:
- '-1'
pragma:
@@ -24922,16 +38571,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b2fc8f91-866d-4434-9089-5ebfe38d6fd8'' could not be found."}}'
+ ''cccc23c7-8427-4f53-ad12-b6a63eb452b3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -24940,7 +38589,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:41 GMT
+ - Fri, 06 Dec 2019 22:15:00 GMT
expires:
- '-1'
pragma:
@@ -24966,42 +38615,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- web servers that are not using secure communication protocols","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows web servers
- that are not using secure communication protocols (TLS 1.1 or TLS 1.2). It
- also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MinimumTLSVersion":{"type":"String","metadata":{"displayName":"Minimum
- TLS version","description":"The minimum TLS protocol version that should be
- enabled. Windows web servers with lower TLS versions will be marked as non-compliant."},"allowedValues":["1.1","1.2"],"defaultValue":"1.1"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecureP
rotocol","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"anyOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[SecureWebServer]s1;MinimumTLSVersion'',
- ''='', parameters(''MinimumTLSVersion'')))]"},{"allOf":[{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":""},{"value":"[parameters(''MinimumTLSVersion'')]","equals":"1.1"}]}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AuditSecureProtocol"},"MinimumTLSVersion":{"value":"[parameters(''MinimumTLSVersion'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"MinimumTLSVersion":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[SecureWebServer]s1;MinimumTLSVersion","value":"[parameters(''MinimumTLSVersion'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"}'
+ string: '{"properties":{"displayName":"Allowed virtual machine SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy enables you to specify a set of virtual machine SKUs that your organization
+ can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
+ list of SKUs that can be specified for virtual machines.","displayName":"Allowed
+ SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"}'
headers:
cache-control:
- no-cache
content-length:
- - '6227'
+ - '861'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:41 GMT
+ - Fri, 06 Dec 2019 22:15:01 GMT
expires:
- '-1'
pragma:
@@ -25031,16 +38666,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b3802d79-dd88-4bce-b81d-780218e48280'' could not be found."}}'
+ ''cd3aa116-8754-49c9-a813-ad46512ece54'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25049,7 +38684,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:41 GMT
+ - Fri, 06 Dec 2019 22:15:04 GMT
expires:
- '-1'
pragma:
@@ -25075,31 +38710,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Logon-Logoff''. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280","type":"Mic
rosoft.Authorization/policyDefinitions","name":"b3802d79-dd88-4bce-b81d-780218e48280"}'
+ string: '{"properties":{"displayName":"Inherit a tag from the resource group","policyType":"BuiltIn","mode":"Indexed","description":"Adds
+ or replaces the specified tag and value from the parent resource group when
+ any resource is created or updated. Existing resources can be remediated by
+ triggering a remediation task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[resourceGroup().tags[parameters(''tagName'')]]"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54","type":"Microsoft.Authorization/policyDefinitions","name":"cd3aa116-8754-49c9-a813-ad46512ece54"}'
headers:
cache-control:
- no-cache
content-length:
- - '2672'
+ - '1205'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:42 GMT
+ - Fri, 06 Dec 2019 22:15:05 GMT
expires:
- '-1'
pragma:
@@ -25129,16 +38763,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b4330a05-a843-4bc8-bf9a-cacce50c67f4'' could not be found."}}'
+ ''cd8dc879-a2ae-43c3-8211-1877c5755064'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25147,7 +38781,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:42 GMT
+ - Fri, 06 Dec 2019 22:15:06 GMT
expires:
- '-1'
pragma:
@@ -25173,31 +38807,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Search services should
- be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ if ''department'' tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation only if the ''department'' tag is set","metadata":{"category":"Tags","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"}'
headers:
cache-control:
- no-cache
content-length:
- - '1787'
+ - '567'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:42 GMT
+ - Fri, 06 Dec 2019 22:15:07 GMT
expires:
- '-1'
pragma:
@@ -25227,16 +38856,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b48334a4-911b-4084-b1ab-3e6a4e50b951'' could not be found."}}'
+ ''cdbf72d9-ac9c-4026-8a3a-491a5ac59293'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25245,7 +38874,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:43 GMT
+ - Fri, 06 Dec 2019 22:15:10 GMT
expires:
- '-1'
pragma:
@@ -25271,29 +38900,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Sockets state
- for an API App","policyType":"BuiltIn","mode":"All","description":"The Web
- Sockets protocol is vulnerable to different types of security threats. Use
- of Web Sockets within an API app must be carefully reviewed.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951","type":"Microsoft.Authorization/policyDefinitions","name":"b48334a4-911b-4084-b1ab-3e6a4e50b951"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that allow re-use of the previous 24 passwords.
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"}'
headers:
cache-control:
- no-cache
content-length:
- - '1175'
+ - '2744'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:43 GMT
+ - Fri, 06 Dec 2019 22:15:11 GMT
expires:
- '-1'
pragma:
@@ -25323,16 +38953,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b4d66858-c922-44e3-9566-5cdb7a7be744'' could not be found."}}'
+ ''ce2370f6-0ac5-4d85-8ab4-10721cc640b0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25341,7 +38971,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:43 GMT
+ - Fri, 06 Dec 2019 22:15:12 GMT
expires:
- '-1'
pragma:
@@ -25367,28 +38997,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"A security contact phone number should
- be provided for your subscription","policyType":"BuiltIn","mode":"All","description":"Enter
- a phone number to receive notifications when Azure Security Center detects
- compromised resources","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/securityContacts","existenceCondition":{"field":"Microsoft.Security/securityContacts/phone","notEquals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744","type":"Microsoft.Authorization/policyDefinitions","name":"b4d66858-c922-44e3-9566-5cdb7a7be744"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''System Audit Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - Privilege Use''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"v
alue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"}'
headers:
cache-control:
- no-cache
content-length:
- - '990'
+ - '4394'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:43 GMT
+ - Fri, 06 Dec 2019 22:15:14 GMT
expires:
- '-1'
pragma:
@@ -25418,16 +39054,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b54ed75b-3e1a-44ac-a333-05ba39b99ff0'' could not be found."}}'
+ ''cf820ca0-f99e-4f3e-84fb-66e913812d21'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25436,7 +39072,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:44 GMT
+ - Fri, 06 Dec 2019 22:15:16 GMT
expires:
- '-1'
pragma:
@@ -25462,28 +39098,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Service Fabric clusters should only use
- Azure Active Directory for client authentication","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- usage of client authentication only via Azure Active Directory in Service
- Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId","exists":"false"},{"field":"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId","equals":""}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","type":"Microsoft.Authorization/policyDefinitions","name":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in Key Vault should be
+ enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"}'
headers:
cache-control:
- no-cache
content-length:
- - '1026'
+ - '1778'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:44 GMT
+ - Fri, 06 Dec 2019 22:15:17 GMT
expires:
- '-1'
pragma:
@@ -25513,16 +39152,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b5f04e03-92a3-4b09-9410-2cc5e5047656'' could not be found."}}'
+ ''d157c373-a6c4-483d-aaad-570756956268'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25531,7 +39170,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:44 GMT
+ - Fri, 06 Dec 2019 22:15:19 GMT
expires:
- '-1'
pragma:
@@ -25557,29 +39196,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Advanced Threat Protection for
- Cosmos DB Accounts","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy enables Advanced Threat Protection across Cosmos DB accounts.","metadata":{"category":"Cosmos
- DB"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/advancedThreatProtectionSettings","name":"current","existenceCondition":{"field":"Microsoft.Security/advancedThreatProtectionSettings/isEnabled","equals":"true"},"roleDefinitionIds":["/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"cosmosDbAccountName":{"type":"string"}},"resources":[{"apiVersion":"2017-08-01-preview","type":"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings","name":"[concat(parameters(''cosmosDbAccountName''),
- ''/Microsoft.Security/current'')]","properties":{"isEnabled":true}}]},"parameters":{"cosmosDbAccountName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656","type":"Microsoft.Authorization/policyDefinitions","name":"b5f04e03-92a3-4b09-9410-2cc5e5047656"}'
+ string: '{"properties":{"displayName":"Add or replace a tag on resource groups","policyType":"BuiltIn","mode":"All","description":"Adds
+ or replaces the specified tag and value when any resource group is created
+ or updated. Existing resource groups can be remediated by triggering a remediation
+ task.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag
+ Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"addOrReplace","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268","type":"Microsoft.Authorization/policyDefinitions","name":"d157c373-a6c4-483d-aaad-570756956268"}'
headers:
cache-control:
- no-cache
content-length:
- - '1673'
+ - '1269'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:44 GMT
+ - Fri, 06 Dec 2019 22:15:20 GMT
expires:
- '-1'
pragma:
@@ -25609,16 +39250,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0'' could not be found."}}'
+ ''d158790f-bfb0-486c-8631-2dc6b4e8e6af'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25627,7 +39268,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:44 GMT
+ - Fri, 06 Dec 2019 22:15:23 GMT
expires:
- '-1'
pragma:
@@ -25653,29 +39294,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in App Services should
- be enabled","policyType":"BuiltIn","mode":"All","description":"Audit enabling
- of diagnostic logs on the app. This enables you to recreate activity trails
- for investigation purposes if a security incident occurs or your network is
- compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","notContains":"functionapp"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"allOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","equals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0","type":"Microsoft.Authorization/policyDefinitions","name":"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"}'
+ string: '{"properties":{"displayName":"Enforce SSL connection should be enabled
+ for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any PostgreSQL server that is not enforcing SSL connection.
+ Azure Database for PostgreSQL prefers connecting your client applications
+ to the PostgreSQL service using Secure Sockets Layer (SSL). Enforcing SSL
+ connections between your database server and your client applications helps
+ protect against ''man-in-the-middle'' attacks by encrypting the data stream
+ between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"}'
headers:
cache-control:
- no-cache
content-length:
- - '1250'
+ - '1299'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:45 GMT
+ - Fri, 06 Dec 2019 22:15:24 GMT
expires:
- '-1'
pragma:
@@ -25705,16 +39349,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b6e2945c-0b7b-40f5-9233-7a5323b5cdc6'' could not be found."}}'
+ ''d1cb47db-b7a1-4c46-814e-aad1c0e84f3c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25723,7 +39367,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:45 GMT
+ - Fri, 06 Dec 2019 22:15:26 GMT
expires:
- '-1'
pragma:
@@ -25749,30 +39393,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Network Watcher should be enabled","policyType":"BuiltIn","mode":"All","description":"Network
- Watcher is a regional service that enables you to monitor and diagnose conditions
- at a network scenario level in, to, and from Azure. Scenario level monitoring
- enables you to diagnose problems at an end to end network level view. Network
- diagnostic and visualization tools available with Network Watcher help you
- understand, diagnose, and gain insights to your network in Azure.","metadata":{"category":"Network"},"parameters":{"listOfLocations":{"type":"Array","metadata":{"displayName":"Locations","description":"Audit
- if Network Watcher is not enabled for region(s).","strongType":"location"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"NetworkWatcherRG","existenceCondition":{"field":"location","in":"[parameters(''listOfLocations'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6","type":"Microsoft.Authorization/policyDefinitions","name":"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Function Apps that
+ are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
+ of custom domains protects a Function app from common attacks such as phishing
+ and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1211'
+ - '1235'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:45 GMT
+ - Fri, 06 Dec 2019 22:15:27 GMT
expires:
- '-1'
pragma:
@@ -25802,16 +39444,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b7ddfbdc-1260-477d-91fd-98bd9be789a6'' could not be found."}}'
+ ''d38b4c26-9d2e-47d7-aefe-18d859a8706a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25820,7 +39462,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:45 GMT
+ - Fri, 06 Dec 2019 22:15:29 GMT
expires:
- '-1'
pragma:
@@ -25846,28 +39488,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"API App should only be accessible over
- HTTPS","policyType":"BuiltIn","mode":"Indexed","description":"Use of HTTPS
- ensures server/service authentication and protects data in transit from network
- layer eavesdropping attacks.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6","type":"Microsoft.Authorization/policyDefinitions","name":"b7ddfbdc-1260-477d-91fd-98bd9be789a6"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs on which the DSC configuration is not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows VMs on which
+ the Desired State Configuration (DSC) configuration is not compliant. This
+ policy is only applicable to machines with WMF 4 and above. It also creates
+ a system-assigned managed identity and deploys the VM extension for Guest
+ Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfig
urationAssignments","name":"WindowsDscConfiguration","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"}'
headers:
cache-control:
- no-cache
content-length:
- - '900'
+ - '5330'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:46 GMT
+ - Fri, 06 Dec 2019 22:15:30 GMT
expires:
- '-1'
pragma:
@@ -25897,16 +39551,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b821191b-3a12-44bc-9c38-212138a29ff3'' could not be found."}}'
+ ''d38fc420-0735-4ef3-ac11-c806f651a570'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -25915,7 +39569,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:47 GMT
+ - Fri, 06 Dec 2019 22:15:32 GMT
expires:
- '-1'
pragma:
@@ -25941,43 +39595,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs in which the Administrators group does not contain only the specified
- members","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- creates a Guest Configuration assignment to audit Windows virtual machines
- in which the Administrators group does not contain only the specified members.
- It also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"Members":{"type":"String","metadata":{"displayName":"Members","description":"A
- semicolon-separated list of all the expected members of the Administrators
- local group. Ex: Administrator; myUser1; myUser2"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions
/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[LocalGroup]AdministratorsGroup;Members'',
- ''='', parameters(''Members'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"AdministratorsGroupMembers"},"Members":{"value":"[parameters(''Members'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"Members":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[LocalGroup]AdministratorsGroup;Members","value":"[parameters(''Members'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3","type":"Microsoft.Authorization/policyDefinitions","name":"b821191b-3a12-44bc-9c38-212138a29ff3"}'
+ string: '{"properties":{"displayName":"Long-term geo-redundant backup should
+ be enabled for Azure SQL Databases","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Azure SQL Database with long-term geo-redundant backup not
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies","name":"default","existenceCondition":{"anyOf":[{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention","notEquals":"PT0S"},{"field":"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention","notEquals":"PT0S"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570","type":"Microsoft.Authorization/policyDefinitions","name":"d38fc420-0735-4ef3-ac11-c806f651a570"}'
headers:
cache-control:
- no-cache
content-length:
- - '5956'
+ - '1290'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:47 GMT
+ - Fri, 06 Dec 2019 22:15:34 GMT
expires:
- '-1'
pragma:
@@ -26007,16 +39646,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''b872a447-cc6f-43b9-bccf-45703cd81607'' could not be found."}}'
+ ''d416745a-506c-48b6-8ab1-83cb814bcaa3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26025,7 +39664,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:47 GMT
+ - Fri, 06 Dec 2019 22:15:35 GMT
expires:
- '-1'
pragma:
@@ -26051,31 +39690,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Accounts''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Accounts''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607","type":"Microsoft.
Authorization/policyDefinitions","name":"b872a447-cc6f-43b9-bccf-45703cd81607"}'
+ string: '{"properties":{"displayName":"Virtual machines should be connected
+ to an approved virtual network","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual machine connected to a virtual network that is not
+ approved.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
+ effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"virtualNetworkId":{"type":"String","metadata":{"displayName":"Virtual
+ network Id","description":"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkInterfaces"},{"not":{"field":"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id","like":"[concat(parameters(''virtualNetworkId''),''/*'')]"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3","type":"Microsoft.Authorization/policyDefinitions","name":"d416745a-506c-48b6-8ab1-83cb814bcaa3"}'
headers:
cache-control:
- no-cache
content-length:
- - '2647'
+ - '1261'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:47 GMT
+ - Fri, 06 Dec 2019 22:15:36 GMT
expires:
- '-1'
pragma:
@@ -26105,16 +39742,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ba12366f-f9a6-42b8-9d98-157d0b1a837b'' could not be found."}}'
+ ''d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26123,7 +39760,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:47 GMT
+ - Fri, 06 Dec 2019 22:15:38 GMT
expires:
- '-1'
pragma:
@@ -26149,31 +39786,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Recovery console''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Recovery console''. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b","type":"Mic
rosoft.Authorization/policyDefinitions","name":"ba12366f-f9a6-42b8-9d98-157d0b1a837b"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Data Lake
+ Analytics to Log Analytics workspace","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Analytics to stream to a regional Log
+ Analytics workspace when any Data Lake Analytics which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_logAnalytics"},"logAnalytics":{"type":"String","metadata":{"displayName":"Log
+ Analytics workspace","description":"Select Log Analytics workspace from dropdown
+ list. If this workspace is outside of the scope of the assignment you must
+ manually grant ''Log Analytics Contributor'' permissions (or similar) to the
+ policy assignment''s principal ID.","strongType":"omsWorkspace","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"workspaceId":"[parameters(''logAnalytics'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03","type":"Microsoft.Authorization/policyDefinitions","name":"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03"}'
headers:
cache-control:
- no-cache
content-length:
- - '2670'
+ - '3809'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:47 GMT
+ - Fri, 06 Dec 2019 22:15:39 GMT
expires:
- '-1'
pragma:
@@ -26203,16 +39848,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''bbcdd8fa-b600-4ee3-85b8-d184e3339652'' could not be found."}}'
+ ''d63edb4a-c612-454d-b47d-191a724fcbf0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26221,7 +39866,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:48 GMT
+ - Fri, 06 Dec 2019 22:15:42 GMT
expires:
- '-1'
pragma:
@@ -26247,67 +39892,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Microsoft Network Client''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Microsoft Network Client''. It also creates a system-assigned managed identity
- and deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"Microsoft
- network client: Digitally sign communications (always)","description":"Specifies
- whether packet signing is required by the SMB client component."},"defaultValue":"1"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"String","metadata":{"displayName":"Microsoft
- network client: Send unencrypted password to third-party SMB servers","description":"Specifies
- whether the SMB redirector will send plaintext passwords during authentication
- to third-party SMB servers that do not support password encryption. It is
- recommended that you disable this policy setting unless there is a strong
- business case to enable it."},"defaultValue":"0"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"type":"String","metadata":{"displayName":"Microsoft
- network server: Amount of idle time required before suspending session","description":"Specifies
- the amount of continuous idle time that must pass in an SMB session before
- the session is suspended because of inactivity. The format of the value is
- two integers separated by a comma, denoting an inclusive range."},"defaultValue":"1,15"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"type":"String","metadata":{"displayName":"Microsoft
- network server: Digitally sign communications (always)","description":"Specifies
- whether packet signing is required by the SMB server component."},"defaultValue":"1"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"type":"String","metadata":{"displayName":"Microsoft
- network server: Disconnect clients when logon hours expire","description":"Specifies
- whether to disconnect users who are connected to the local computer outside
- their user account''s valid logon hours. This setting affects the Server Message
- Block (SMB) component. If you enable this policy setting you should also enable
- ''Network security: Force logoff when logon hours expire''"},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfigurat
ion/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Microsoft
- network client: Digitally sign communications (always);ExpectedValue'', ''='',
- parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways''), '','',
- ''Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue'',
- ''='', parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers''),
- '','', ''Microsoft network server: Amount of idle time required before suspending
- session;ExpectedValue'', ''='', parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession''),
- '','', ''Microsoft network server: Digitally sign communications (always);ExpectedValue'',
- ''='', parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways''),
- '','', ''Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue'',
- ''='', parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient"},"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"MicrosoftNetworkClientDigitallySignCommunicationsAlways":{"type":"string"},"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers":{"type":"string"},"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession":{"type":"string"},"MicrosoftNetworkServerDigitallySignCommunicationsAlways":{"type":"string"},"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Microsoft
- network client: Digitally sign communications (always);ExpectedValue","value":"[parameters(''MicrosoftNetworkClientDigitallySignCommunicationsAlways'')]"},{"name":"Microsoft
- network client: Send unencrypted password to third-party SMB servers;ExpectedValue","value":"[parameters(''MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'')]"},{"name":"Microsoft
- network server: Amount of idle time required before suspending session;ExpectedValue","value":"[parameters(''MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'')]"},{"name":"Microsoft
- network server: Digitally sign communications (always);ExpectedValue","value":"[parameters(''MicrosoftNetworkServerDigitallySignCommunicationsAlways'')]"},{"name":"Microsoft
- network server: Disconnect clients when logon hours expire;ExpectedValue","value":"[parameters(''MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652","type":"Microsoft.Authorization/policyDefinitions","name":"bbcdd8fa-b600-4ee3-85b8-d184e3339652"}'
+ string: '{"properties":{"displayName":"Event Hub should use a virtual network
+ service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Event Hub not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/virtualNetworkRules","existenceCondition":{"field":"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0","type":"Microsoft.Authorization/policyDefinitions","name":"d63edb4a-c612-454d-b47d-191a724fcbf0"}'
headers:
cache-control:
- no-cache
content-length:
- - '9604'
+ - '999'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:43 GMT
expires:
- '-1'
pragma:
@@ -26337,16 +39943,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''bc0378bb-d7ab-4614-a0f6-5a6e3f02d644'' could not be found."}}'
+ ''d7ccd0ca-8d78-42af-a43d-6b7f928accbc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26355,7 +39961,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:45 GMT
expires:
- '-1'
pragma:
@@ -26381,29 +39987,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit API Applications
- that are not using latest supported Python Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported Python version for the latest security classes. Using
- older classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestPython","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644","type":"Microsoft.Authorization/policyDefinitions","name":"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows Server
+ VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows Server virtual machines on which Windows Serial Console is
+ not enabled. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguratio
n/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"}'
headers:
cache-control:
- no-cache
content-length:
- - '1207'
+ - '2745'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:46 GMT
expires:
- '-1'
pragma:
@@ -26433,16 +40040,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''bc87d811-4a9b-47cc-ae54-0a41abda7768'' could not be found."}}'
+ ''db51110f-0865-4a6e-b274-e2e07a5b2cd7'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26451,7 +40058,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:47 GMT
expires:
- '-1'
pragma:
@@ -26477,31 +40084,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Account Logon''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Account Logon''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768","type":"Mi
crosoft.Authorization/policyDefinitions","name":"bc87d811-4a9b-47cc-ae54-0a41abda7768"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Batch
+ Account to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Batch Account to stream to a regional Event Hub
+ when any Batch Account which is missing this diagnostic settings is created
+ or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.Batch/batchAccounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ServiceLog","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7","type":"Microsoft.Authorization/policyDefinitions","name":"db51110f-0865-4a6e-b274-e2e07a5b2cd7"}'
headers:
cache-control:
- no-cache
content-length:
- - '2675'
+ - '3733'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:48 GMT
expires:
- '-1'
pragma:
@@ -26531,16 +40147,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''bd352bd5-2853-4985-bf0d-73806b4a5744'' could not be found."}}'
+ ''dd2ea520-6b06-45c3-806e-ea297c23e06a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26549,7 +40165,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:50 GMT
expires:
- '-1'
pragma:
@@ -26575,30 +40191,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: IP Forwarding on your virtual
- machine should be disabled","policyType":"BuiltIn","mode":"All","description":"Enabling
- IP forwarding on a virtual machine''s NIC allows the machine to receive traffic
- addressed to other destinations. IP forwarding is rarely required (e.g., when
- using the VM as a network virtual appliance), and therefore, this should be
- reviewed by the network security team.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"disableIPForwarding","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["Monitored","OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744","type":"Microsoft.Authorization/policyDefinitions","name":"bd352bd5-2853-4985-bf0d-73806b4a5744"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
+ that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
+ of custom domains protects a web application from common attacks such as phishing
+ and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a","type":"Microsoft.Authorization/policyDefinitions","name":"dd2ea520-6b06-45c3-806e-ea297c23e06a"}'
headers:
cache-control:
- no-cache
content-length:
- - '1287'
+ - '1252'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:49 GMT
+ - Fri, 06 Dec 2019 22:15:51 GMT
expires:
- '-1'
pragma:
@@ -26628,16 +40242,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''bda18df3-5e41-4709-add9-2554ce68c966'' could not be found."}}'
+ ''dd4680ed-0559-4a6a-ad10-081d14cbb484'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26646,7 +40260,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:50 GMT
+ - Fri, 06 Dec 2019 22:15:49 GMT
expires:
- '-1'
pragma:
@@ -26672,29 +40286,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Advanced Threat Protection types should
- be set to ''All'' in SQL managed instance Advanced Data Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
- is recommended to enable all Advanced Threat Protection types on your SQL
- servers. Enabling all types protects against SQL injection, database vulnerabilities,
- and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/managedInstances"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/managedInstances/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966","type":"Microsoft.Authorization/policyDefinitions","name":"bda18df3-5e41-4709-add9-2554ce68c966"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''System Audit Policies - Policy Change''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''System Audit Policies - Policy Change''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"}'
headers:
cache-control:
- no-cache
content-length:
- - '1174'
+ - '2675'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:15:50 GMT
expires:
- '-1'
pragma:
@@ -26724,16 +40340,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''bde62c94-ccca-4821-a815-92c1d31a76de'' could not be found."}}'
+ ''ddb53c61-9db4-41d4-a953-2abff5b66c12'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26742,7 +40358,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:15:57 GMT
expires:
- '-1'
pragma:
@@ -26768,31 +40384,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs in
- which the Administrators group contains any of the specified members","policyType":"BuiltIn","mode":"All","description":"This
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Settings - Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines in which the Administrators group contains
- any of the specified members. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToExclude","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceS
tatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de","type":"Microsoft.Authorization/policyDefinitions","name":"bde62c94-ccca-4821-a815-92c1d31a76de"}'
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Settings - Account Policies''. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecuritySettingsAccountPolicies","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12","type":"Mi
crosoft.Authorization/policyDefinitions","name":"ddb53c61-9db4-41d4-a953-2abff5b66c12"}'
headers:
cache-control:
- no-cache
content-length:
- - '2796'
+ - '2673'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:15:58 GMT
expires:
- '-1'
pragma:
@@ -26822,16 +40438,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''be0a7681-bed4-48dc-9ff3-f0171ee170b6'' could not be found."}}'
+ ''ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26840,7 +40456,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:15:59 GMT
expires:
- '-1'
pragma:
@@ -26866,29 +40482,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
- that are not using latest supported Java Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported Java version for the latest security classes. Using older
- classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestJava","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6","type":"Microsoft.Authorization/policyDefinitions","name":"be0a7681-bed4-48dc-9ff3-f0171ee170b6"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Recovery console''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Recovery console''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
+ console: Allow floppy copy and access to all drives and all folders","description":"Specifies
+ whether to make the Recovery Console SET command available, which allows setting
+ of recovery console environment variables."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationA
ssignments/parameterHash","equals":"[base64(concat(''Recovery
+ console: Allow floppy copy and access to all drives and all folders;ExpectedValue'',
+ ''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
+ console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"}'
headers:
cache-control:
- no-cache
content-length:
- - '1287'
+ - '5535'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:16:00 GMT
expires:
- '-1'
pragma:
@@ -26918,16 +40545,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c04255ee-1b9f-42c1-abaa-bf1553f79930'' could not be found."}}'
+ ''e01598e8-6538-41ed-95e8-8b29746cd697'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -26936,7 +40563,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:16:03 GMT
expires:
- '-1'
pragma:
@@ -26962,39 +40589,26 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Logon-Logoff''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Logon-Logoff''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditGroupMembership":{"type":"String","metadata":{"displayName":"Audit
- Group Membership","description":"Specifies whether audit events are generated
- when group memberships are enumerated on the client computer."},"allowedValues":["No
- Auditing","Success","Failure","Success and Failure"],"defaultValue":"Success"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesLogonLogoff","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guest
ConfigurationAssignments/parameterHash","equals":"[base64(concat(''Audit
- Group Membership;ExpectedValue'', ''='', parameters(''AuditGroupMembership'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesLogonLogoff"},"AuditGroupMembership":{"value":"[parameters(''AuditGroupMembership'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditGroupMembership":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
- Group Membership;ExpectedValue","value":"[parameters(''AuditGroupMembership'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930","type":"Microsoft.Authorization/policyDefinitions","name":"c04255ee-1b9f-42c1-abaa-bf1553f79930"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Allow resource creation
+ only in Japan data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
+ resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"}'
headers:
cache-control:
- no-cache
content-length:
- - '5170'
+ - '601'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:51 GMT
+ - Fri, 06 Dec 2019 22:16:04 GMT
expires:
- '-1'
pragma:
@@ -27024,16 +40638,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c0e996f8-39cf-4af9-9f45-83fbde810432'' could not be found."}}'
+ ''e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27042,7 +40656,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:52 GMT
+ - Fri, 06 Dec 2019 22:16:06 GMT
expires:
- '-1'
pragma:
@@ -27068,29 +40682,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Only approved VM extensions should be
- installed","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- governs the virtual machine extensions that are not approved.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"},"approvedExtensions":{"type":"Array","metadata":{"description":"The
- list of approved extension types that can be installed. Example: AzureDiskEncryption","displayName":"Approved
- extensions"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","notIn":"[parameters(''approvedExtensions'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432","type":"Microsoft.Authorization/policyDefinitions","name":"c0e996f8-39cf-4af9-9f45-83fbde810432"}'
+ string: '{"properties":{"displayName":"Cosmos DB should use a virtual network
+ service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Cosmos DB not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id","exists":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9","type":"Microsoft.Authorization/policyDefinitions","name":"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9"}'
headers:
cache-control:
- no-cache
content-length:
- - '1124'
+ - '897'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:52 GMT
+ - Fri, 06 Dec 2019 22:16:07 GMT
expires:
- '-1'
pragma:
@@ -27120,16 +40733,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c1b9cbed-08e3-427d-b9ce-7c535b1e9b94'' could not be found."}}'
+ ''e0efc13a-122a-47c5-b817-2ccfe5d12615'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27138,7 +40751,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:52 GMT
+ - Fri, 06 Dec 2019 22:16:09 GMT
expires:
- '-1'
pragma:
@@ -27164,27 +40777,41 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation only in Asia
- data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: East Asia, Southeast Asia,
- West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ where Windows PowerShell is not configured to use the specified PowerShell
+ execution policy. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
+ Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConf
igurationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
+ ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"}'
headers:
cache-control:
- no-cache
content-length:
- - '720'
+ - '6229'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:53 GMT
+ - Fri, 06 Dec 2019 22:16:10 GMT
expires:
- '-1'
pragma:
@@ -27214,16 +40841,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c1e289c0-ffad-475d-a924-adc058765d65'' could not be found."}}'
+ ''e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27232,7 +40859,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:53 GMT
+ - Fri, 06 Dec 2019 22:16:12 GMT
expires:
- '-1'
pragma:
@@ -27258,42 +40885,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Account Logon''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Account Logon''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditCredentialValidation":{"type":"String","metadata":{"displayName":"Audit
- Credential Validation","description":"Specifies whether audit events are generated
- when credentials are submitted for a user account logon request. This setting
- is especially useful for monitoring unsuccessful attempts, to find brute-force
- attacks, account enumeration, and potential account compromise events on domain
- controllers."},"allowedValues":["No Auditing","Success","Failure","Success
- and Failure"],"defaultValue":"Success and Failure"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesAccountLogon","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/p
arameterHash","equals":"[base64(concat(''Audit
- Credential Validation;ExpectedValue'', ''='', parameters(''AuditCredentialValidation'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesAccountLogon"},"AuditCredentialValidation":{"value":"[parameters(''AuditCredentialValidation'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditCredentialValidation":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
- Credential Validation;ExpectedValue","value":"[parameters(''AuditCredentialValidation'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65","type":"Microsoft.Authorization/policyDefinitions","name":"c1e289c0-ffad-475d-a924-adc058765d65"}'
+ string: '{"properties":{"displayName":"Vulnerabilities in security configuration
+ on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
+ which do not satisfy the configured baseline will be monitored by Azure Security
+ Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"}'
headers:
cache-control:
- no-cache
content-length:
- - '5420'
+ - '1104'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:53 GMT
+ - Fri, 06 Dec 2019 22:16:13 GMT
expires:
- '-1'
pragma:
@@ -27323,16 +40936,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c21f7060-c148-41cf-a68b-0ab3e14c764c'' could not be found."}}'
+ ''e2c1c086-2d84-4019-bff3-c44ccd95113c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27341,7 +40954,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:54 GMT
+ - Fri, 06 Dec 2019 22:16:16 GMT
expires:
- '-1'
pragma:
@@ -27367,91 +40980,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs that are not set to the specified time zone","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that are not set to the specified time zone. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"TimeZone":{"type":"String","metadata":{"displayName":"Time
- zone","description":"The expected time zone"},"allowedValues":["(UTC-12:00)
- International Date Line West","(UTC-11:00) Coordinated Universal Time-11","(UTC-10:00)
- Aleutian Islands","(UTC-10:00) Hawaii","(UTC-09:30) Marquesas Islands","(UTC-09:00)
- Alaska","(UTC-09:00) Coordinated Universal Time-09","(UTC-08:00) Baja California","(UTC-08:00)
- Coordinated Universal Time-08","(UTC-08:00) Pacific Time (US & Canada)","(UTC-07:00)
- Arizona","(UTC-07:00) Chihuahua, La Paz, Mazatlan","(UTC-07:00) Mountain Time
- (US & Canada)","(UTC-06:00) Central America","(UTC-06:00) Central Time (US
- & Canada)","(UTC-06:00) Easter Island","(UTC-06:00) Guadalajara, Mexico City,
- Monterrey","(UTC-06:00) Saskatchewan","(UTC-05:00) Bogota, Lima, Quito, Rio
- Branco","(UTC-05:00) Chetumal","(UTC-05:00) Eastern Time (US & Canada)","(UTC-05:00)
- Haiti","(UTC-05:00) Havana","(UTC-05:00) Indiana (East)","(UTC-05:00) Turks
- and Caicos","(UTC-04:00) Asuncion","(UTC-04:00) Atlantic Time (Canada)","(UTC-04:00)
- Caracas","(UTC-04:00) Cuiaba","(UTC-04:00) Georgetown, La Paz, Manaus, San
- Juan","(UTC-04:00) Santiago","(UTC-03:30) Newfoundland","(UTC-03:00) Araguaina","(UTC-03:00)
- Brasilia","(UTC-03:00) Cayenne, Fortaleza","(UTC-03:00) City of Buenos Aires","(UTC-03:00)
- Greenland","(UTC-03:00) Montevideo","(UTC-03:00) Punta Arenas","(UTC-03:00)
- Saint Pierre and Miquelon","(UTC-03:00) Salvador","(UTC-02:00) Coordinated
- Universal Time-02","(UTC-02:00) Mid-Atlantic - Old","(UTC-01:00) Azores","(UTC-01:00)
- Cabo Verde Is.","(UTC) Coordinated Universal Time","(UTC+00:00) Dublin, Edinburgh,
- Lisbon, London","(UTC+00:00) Monrovia, Reykjavik","(UTC+00:00) Sao Tome","(UTC+01:00)
- Casablanca","(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna","(UTC+01:00)
- Belgrade, Bratislava, Budapest, Ljubljana, Prague","(UTC+01:00) Brussels,
- Copenhagen, Madrid, Paris","(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb","(UTC+01:00)
- West Central Africa","(UTC+02:00) Amman","(UTC+02:00) Athens, Bucharest","(UTC+02:00)
- Beirut","(UTC+02:00) Cairo","(UTC+02:00) Chisinau","(UTC+02:00) Damascus","(UTC+02:00)
- Gaza, Hebron","(UTC+02:00) Harare, Pretoria","(UTC+02:00) Helsinki, Kyiv,
- Riga, Sofia, Tallinn, Vilnius","(UTC+02:00) Jerusalem","(UTC+02:00) Kaliningrad","(UTC+02:00)
- Khartoum","(UTC+02:00) Tripoli","(UTC+02:00) Windhoek","(UTC+03:00) Baghdad","(UTC+03:00)
- Istanbul","(UTC+03:00) Kuwait, Riyadh","(UTC+03:00) Minsk","(UTC+03:00) Moscow,
- St. Petersburg","(UTC+03:00) Nairobi","(UTC+03:30) Tehran","(UTC+04:00) Abu
- Dhabi, Muscat","(UTC+04:00) Astrakhan, Ulyanovsk","(UTC+04:00) Baku","(UTC+04:00)
- Izhevsk, Samara","(UTC+04:00) Port Louis","(UTC+04:00) Saratov","(UTC+04:00)
- Tbilisi","(UTC+04:00) Volgograd","(UTC+04:00) Yerevan","(UTC+04:30) Kabul","(UTC+05:00)
- Ashgabat, Tashkent","(UTC+05:00) Ekaterinburg","(UTC+05:00) Islamabad, Karachi","(UTC+05:00)
- Qyzylorda","(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi","(UTC+05:30)
- Sri Jayawardenepura","(UTC+05:45) Kathmandu","(UTC+06:00) Astana","(UTC+06:00)
- Dhaka","(UTC+06:00) Omsk","(UTC+06:30) Yangon (Rangoon)","(UTC+07:00) Bangkok,
- Hanoi, Jakarta","(UTC+07:00) Barnaul, Gorno-Altaysk","(UTC+07:00) Hovd","(UTC+07:00)
- Krasnoyarsk","(UTC+07:00) Novosibirsk","(UTC+07:00) Tomsk","(UTC+08:00) Beijing,
- Chongqing, Hong Kong, Urumqi","(UTC+08:00) Irkutsk","(UTC+08:00) Kuala Lumpur,
- Singapore","(UTC+08:00) Perth","(UTC+08:00) Taipei","(UTC+08:00) Ulaanbaatar","(UTC+08:45)
- Eucla","(UTC+09:00) Chita","(UTC+09:00) Osaka, Sapporo, Tokyo","(UTC+09:00)
- Pyongyang","(UTC+09:00) Seoul","(UTC+09:00) Yakutsk","(UTC+09:30) Adelaide","(UTC+09:30)
- Darwin","(UTC+10:00) Brisbane","(UTC+10:00) Canberra, Melbourne, Sydney","(UTC+10:00)
- Guam, Port Moresby","(UTC+10:00) Hobart","(UTC+10:00) Vladivostok","(UTC+10:30)
- Lord Howe Island","(UTC+11:00) Bougainville Island","(UTC+11:00) Chokurdakh","(UTC+11:00)
- Magadan","(UTC+11:00) Norfolk Island","(UTC+11:00) Sakhalin","(UTC+11:00)
- Solomon Is., New Caledonia","(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky","(UTC+12:00)
- Auckland, Wellington","(UTC+12:00) Coordinated Universal Time+12","(UTC+12:00)
- Fiji","(UTC+12:00) Petropavlovsk-Kamchatsky - Old","(UTC+12:45) Chatham Islands","(UTC+13:00)
- Coordinated Universal Time+13","(UTC+13:00) Nuku''alofa","(UTC+13:00) Samoa","(UTC+14:00)
- Kiritimati Island"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsTimeZone","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"e
xistenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[WindowsTimeZone]WindowsTimeZone1;TimeZone'',
- ''='', parameters(''TimeZone'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsTimeZone"},"TimeZone":{"value":"[parameters(''TimeZone'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"TimeZone":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[WindowsTimeZone]WindowsTimeZone1;TimeZone","value":"[parameters(''TimeZone'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c","type":"Microsoft.Authorization/policyDefinitions","name":"c21f7060-c148-41cf-a68b-0ab3e14c764c"}'
+ string: '{"properties":{"displayName":"Ensure that ''HTTP Version'' is the latest,
+ if used to run the Function app","policyType":"BuiltIn","mode":"Indexed","description":"Periodically,
+ newer versions are released for HTTP either due to security flaws or to include
+ additional functionality. Using the latest HTTP version for web apps to take
+ advantage of security fixes, if any, and/or new functionalities of the newer
+ version.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.http20Enabled","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c","type":"Microsoft.Authorization/policyDefinitions","name":"e2c1c086-2d84-4019-bff3-c44ccd95113c"}'
headers:
cache-control:
- no-cache
content-length:
- - '9989'
+ - '1190'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:54 GMT
+ - Fri, 06 Dec 2019 22:16:17 GMT
expires:
- '-1'
pragma:
@@ -27481,16 +41033,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a'' could not be found."}}'
+ ''e2dd799a-a932-4e9d-ac17-d473bc3c6c10'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27499,7 +41051,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:54 GMT
+ - Fri, 06 Dec 2019 22:16:19 GMT
expires:
- '-1'
pragma:
@@ -27525,30 +41077,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs on
- which the specified services are not installed and ''Running''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines on which the specified services are not
- installed and ''Running''. For more information on Guest Configuration policies,
- please visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsServiceStatus","existenceCondition":{"field":"Microsoft.GuestConfi
guration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a","type":"Microsoft.Authorization/policyDefinitions","name":"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a"}'
+ string: '{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment
+ in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
+ VMSS as non-compliant if the VM Image (OS) is not in the list defined and
+ the agent is not installed. The list of OS images will be updated over time
+ as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Windows OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
+ List of VM images that have supported Linux OS to add to scope","description":"Example
+ value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"}'
headers:
cache-control:
- no-cache
content-length:
- - '2765'
+ - '5770'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:55 GMT
+ - Fri, 06 Dec 2019 22:16:21 GMT
expires:
- '-1'
pragma:
@@ -27578,16 +41132,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c3f317a7-a95c-4547-b7e7-11017ebdf2fe'' could not be found."}}'
+ ''e345b6c3-24bd-4c93-9bbb-7e5e49a17b78'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27596,7 +41150,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:55 GMT
+ - Fri, 06 Dec 2019 22:16:22 GMT
expires:
- '-1'
pragma:
@@ -27622,29 +41176,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"System updates on virtual machine scale
- sets should be installed","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- whether there are any missing system security updates and critical updates
- that should be installed to ensure that your Windows and Linux virtual machine
- scale sets are secure.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"SystemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe","type":"Microsoft.Authorization/policyDefinitions","name":"c3f317a7-a95c-4547-b7e7-11017ebdf2fe"}'
+ string: '{"properties":{"displayName":"Azure VPN gateways should not use ''basic''
+ SKU","policyType":"BuiltIn","mode":"All","description":"This policy ensures
+ that VPN gateways do not use ''basic'' SKU.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworkGateways"},{"field":"Microsoft.Network/virtualNetworkGateways/gatewayType","equals":"Vpn"},{"field":"Microsoft.Network/virtualNetworkGateways/sku.tier","equals":"Basic"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78","type":"Microsoft.Authorization/policyDefinitions","name":"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78"}'
headers:
cache-control:
- no-cache
content-length:
- - '1124'
+ - '923'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:56 GMT
+ - Fri, 06 Dec 2019 22:16:24 GMT
expires:
- '-1'
pragma:
@@ -27674,16 +41226,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c40c9087-1981-4e73-9f53-39743eda9d05'' could not be found."}}'
+ ''e3576e28-8b17-4677-84c3-db2990658d64'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27692,7 +41244,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:56 GMT
+ - Fri, 06 Dec 2019 22:16:26 GMT
expires:
- '-1'
pragma:
@@ -27718,30 +41270,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Linux
- VMs that have accounts without passwords","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Linux virtual machines that have accounts without passwords. For
- more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsof
t.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"}'
+ string: '{"properties":{"displayName":"MFA should be enabled on accounts with
+ read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
+ Authentication (MFA) should be enabled for all subscription accounts with
+ read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","type":"Microsoft.Authorization/policyDefinitions","name":"e3576e28-8b17-4677-84c3-db2990658d64"}'
headers:
cache-control:
- no-cache
content-length:
- - '3164'
+ - '1104'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:56 GMT
+ - Fri, 06 Dec 2019 22:16:27 GMT
expires:
- '-1'
pragma:
@@ -27771,16 +41322,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c43e4a30-77cb-48ab-a4dd-93f175c63b57'' could not be found."}}'
+ ''e3a77a94-cf41-4ee8-b45c-98be28841c03'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27789,7 +41340,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:57 GMT
+ - Fri, 06 Dec 2019 22:16:29 GMT
expires:
- '-1'
pragma:
@@ -27815,28 +41366,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Microsoft Antimalware for Azure should
- be configured to automatically update protection signatures","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy audits any Windows virtual machine not configured with automatic update
- of Microsoft Antimalware protection signatures.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType","equals":"Windows"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57","type":"Microsoft.Authorization/policyDefinitions","name":"c43e4a30-77cb-48ab-a4dd-93f175c63b57"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Shutdown''","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Shutdown''. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsShutdown","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03","type":"Microsoft.
Authorization/policyDefinitions","name":"e3a77a94-cf41-4ee8-b45c-98be28841c03"}'
headers:
cache-control:
- no-cache
content-length:
- - '1388'
+ - '2647'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:57 GMT
+ - Fri, 06 Dec 2019 22:16:30 GMT
expires:
- '-1'
pragma:
@@ -27866,16 +41420,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c5fbc59e-fb6f-494f-81e2-d99a671bdaa8'' could not be found."}}'
+ ''e3d95ab7-f47a-49d8-a347-784177b6c94c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -27884,7 +41438,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:57 GMT
+ - Fri, 06 Dec 2019 22:16:32 GMT
expires:
- '-1'
pragma:
@@ -27910,65 +41464,59 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that contain certificates expiring within the specified number
- of days","policyType":"BuiltIn","mode":"Indexed","description":"This policy
- creates a Guest Configuration assignment to audit Windows virtual machines
- that contain certificates expiring within the specified number of days. It
- also creates a system-assigned managed identity and deploys the VM extension
- for Guest Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"CertificateStorePath":{"type":"String","metadata":{"displayName":"Certificate
- store path","description":"The path to the certificate store containing the
- certificates to check the expiration dates of. Default value is ''Cert:''
- which is the root certificate store path, so all certificates on the machine
- will be checked. Other example paths: ''Cert:\\LocalMachine'', ''Cert:\\LocalMachine\\TrustedPublisher'',
- ''Cert:\\CurrentUser''"},"defaultValue":"Cert:"},"ExpirationLimitInDays":{"type":"String","metadata":{"displayName":"Expiration
- limit in days","description":"An integer indicating the number of days within
- which to check for certificates that are expiring. For example, if this value
- is 30, any certificate expiring within the next 30 days will cause this policy
- to be non-compliant."},"defaultValue":"30"},"CertificateThumbprintsToInclude":{"type":"String","metadata":{"displayName":"Certificate
- thumbprints to include","description":"A semicolon-separated list of certificate
- thumbprints to check under the specified path. If a value is not specified,
- all certificates under the certificate store path will be checked. If a value
- is specified, no certificates other than those with the thumbprints specified
- will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"CertificateThumbprintsToExclude":{"type":"String","metadata":{"displayName":"Certificate
- thumbprints to exclude","description":"A semicolon-separated list of certificate
- thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"},"defaultValue":""},"IncludeExpiredCertificates":{"type":"String","metadata":{"displayName":"Include
- expired certificates","description":"Must be ''true'' or ''false''. True indicates
- that any found certificates that have already expired will also make this
- policy non-compliant. False indicates that certificates that have expired
- will be be ignored."},"allowedValues":["true","false"],"defaultValue":"false"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"CertificateExpiration","roleDefinitionIds":["/providers/microsoft.authori
zation/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[CertificateStore]CertificateStore1;CertificateStorePath'',
- ''='', parameters(''CertificateStorePath''), '','', ''[CertificateStore]CertificateStore1;ExpirationLimitInDays'',
- ''='', parameters(''ExpirationLimitInDays''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude'',
- ''='', parameters(''CertificateThumbprintsToInclude''), '','', ''[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude'',
- ''='', parameters(''CertificateThumbprintsToExclude''), '','', ''[CertificateStore]CertificateStore1;IncludeExpiredCertificates'',
- ''='', parameters(''IncludeExpiredCertificates'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"CertificateExpiration"},"CertificateStorePath":{"value":"[parameters(''CertificateStorePath'')]"},"ExpirationLimitInDays":{"value":"[parameters(''ExpirationLimitInDays'')]"},"CertificateThumbprintsToInclude":{"value":"[parameters(''CertificateThumbprintsToInclude'')]"},"CertificateThumbprintsToExclude":{"value":"[parameters(''CertificateThumbprintsToExclude'')]"},"IncludeExpiredCertificates":{"value":"[parameters(''IncludeExpiredCertificates'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"CertificateStorePath":{"type":"string"},"ExpirationLimitInDays":{"type":"string"},"CertificateThumbprintsToInclude":{"type":"string"},"CertificateThumbprintsToExclude":{"type":"string"},"IncludeExpiredCertificates":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[CertificateStore]CertificateStore1;CertificateStorePath","value":"[parameters(''CertificateStorePath'')]"},{"name":"[CertificateStore]CertificateStore1;ExpirationLimitInDays","value":"[parameters(''ExpirationLimitInDays'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude","value":"[parameters(''CertificateThumbprintsToInclude'')]"},{"name":"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude","value":"[parameters(''CertificateThumbprintsToExclude'')]"},{"name":"[CertificateStore]CertificateStore1;IncludeExpiredCertificates","value":"[parameters(''IncludeExpiredCertificates'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8","type":"Microsoft.Authorization/policyDefinitions","name":"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Settings - Account Policies''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Settings
+ - Account Policies''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"EnforcePasswordHistory":{"type":"String","metadata":{"displayName":"Enforce
+ password history","description":"Specifies limits on password reuse - how
+ many times a new password must be created for a user account before the password
+ can be repeated."},"defaultValue":"24"},"MaximumPasswordAge":{"type":"String","metadata":{"displayName":"Maximum
+ password age","description":"Specifies the maximum number of days that may
+ elapse before a user account password must be changed. The format of the value
+ is two integers separated by a comma, denoting an inclusive range."},"defaultValue":"1,70"},"MinimumPasswordAge":{"type":"String","metadata":{"displayName":"Minimum
+ password age","description":"Specifies the minimum number of days that must
+ elapse before a user account password can be changed."},"defaultValue":"1"},"MinimumPasswordLength":{"type":"String","metadata":{"displayName":"Minimum
+ password length","description":"Specifies the minimum number of characters
+ that a user account password may contain."},"defaultValue":"14"},"PasswordMustMeetComplexityRequirements":{"type":"String","metadata":{"displayName":"Password
+ must meet complexity requirements","description":"Specifies whether a user
+ account password must be complex. If required, a complex password must not
+ contain part of user''s account name or full name; be at least 6 characters
+ long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecuritySettingsAccountPolicies","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Micros
oft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Enforce
+ password history;ExpectedValue'', ''='', parameters(''EnforcePasswordHistory''),
+ '','', ''Maximum password age;ExpectedValue'', ''='', parameters(''MaximumPasswordAge''),
+ '','', ''Minimum password age;ExpectedValue'', ''='', parameters(''MinimumPasswordAge''),
+ '','', ''Minimum password length;ExpectedValue'', ''='', parameters(''MinimumPasswordLength''),
+ '','', ''Password must meet complexity requirements;ExpectedValue'', ''='',
+ parameters(''PasswordMustMeetComplexityRequirements'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecuritySettingsAccountPolicies"},"EnforcePasswordHistory":{"value":"[parameters(''EnforcePasswordHistory'')]"},"MaximumPasswordAge":{"value":"[parameters(''MaximumPasswordAge'')]"},"MinimumPasswordAge":{"value":"[parameters(''MinimumPasswordAge'')]"},"MinimumPasswordLength":{"value":"[parameters(''MinimumPasswordLength'')]"},"PasswordMustMeetComplexityRequirements":{"value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"EnforcePasswordHistory":{"type":"string"},"MaximumPasswordAge":{"type":"string"},"MinimumPasswordAge":{"type":"string"},"MinimumPasswordLength":{"type":"string"},"PasswordMustMeetComplexityRequirements":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Enforce
+ password history;ExpectedValue","value":"[parameters(''EnforcePasswordHistory'')]"},{"name":"Maximum
+ password age;ExpectedValue","value":"[parameters(''MaximumPasswordAge'')]"},{"name":"Minimum
+ password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
+ password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
+ must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"}'
headers:
cache-control:
- no-cache
content-length:
- - '9858'
+ - '7614'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:57 GMT
+ - Fri, 06 Dec 2019 22:16:33 GMT
expires:
- '-1'
pragma:
@@ -27998,16 +41546,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c8343d2f-fdc9-4a97-b76f-fc71d1163bfc'' could not be found."}}'
+ ''e425e402-a050-45e5-b010-bd3f934589fc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28016,7 +41564,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:58 GMT
+ - Fri, 06 Dec 2019 22:16:35 GMT
expires:
- '-1'
pragma:
@@ -28042,30 +41590,55 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Email notifications to admins and subscription
- owners should be enabled in SQL server advanced data security settings","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- that ''email notification to admins and subscription owners'' is enabled in
- the SQL server advanced threat protection settings. This ensures that any
- detections of anomalous activities on SQL server are reported as soon as possible
- to the admins.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins","equals":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc","type":"Microsoft.Authorization/policyDefinitions","name":"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ User Account Control''. It also creates a system-assigned managed identity
+ and deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"type":"String","metadata":{"displayName":"UAC:
+ Admin Approval Mode for the Built-in Administrator account","description":"Specifies
+ the behavior of Admin Approval Mode for the built-in Administrator account."},"defaultValue":"1"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC:
+ Behavior of the elevation prompt for administrators in Admin Approval Mode","description":"Specifies
+ the behavior of the elevation prompt for administrators."},"defaultValue":"2"},"UACDetectApplicationInstallationsAndPromptForElevation":{"type":"String","metadata":{"displayName":"UAC:
+ Detect application installations and prompt for elevation","description":"Specifies
+ the behavior of application installation detection for the computer."},"defaultValue":"1"},"UACRunAllAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC:
+ Run all administrators in Admin Approval Mode","description":"Specifies the
+ behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsUserAccountControl","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.G
uestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''User
+ Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue'',
+ ''='', parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount''),
+ '','', ''User Account Control: Behavior of the elevation prompt for administrators
+ in Admin Approval Mode;ExpectedValue'', ''='', parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode''),
+ '','', ''User Account Control: Detect application installations and prompt
+ for elevation;ExpectedValue'', ''='', parameters(''UACDetectApplicationInstallationsAndPromptForElevation''),
+ '','', ''User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue'',
+ ''='', parameters(''UACRunAllAdministratorsInAdminApprovalMode'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsUserAccountControl"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"UACDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},"UACRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"type":"string"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"type":"string"},"UACDetectApplicationInstallationsAndPromptForElevation":{"type":"string"},"UACRunAllAdministratorsInAdminApprovalMode":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"User
+ Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue","value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},{"name":"User
+ Account Control: Behavior of the elevation prompt for administrators in Admin
+ Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
+ Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
+ Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"}'
headers:
cache-control:
- no-cache
content-length:
- - '1210'
+ - '8034'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:58 GMT
+ - Fri, 06 Dec 2019 22:16:36 GMT
expires:
- '-1'
pragma:
@@ -28095,16 +41668,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c85538c1-b527-4ce4-bdb4-1dabcb3fd90d'' could not be found."}}'
+ ''e56962a6-4747-49cd-b67b-bf8b01975c4c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28113,7 +41686,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:58 GMT
+ - Fri, 06 Dec 2019 22:16:39 GMT
expires:
- '-1'
pragma:
@@ -28139,29 +41712,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: API App should only be
- accessible over HTTPS","policyType":"BuiltIn","mode":"All","description":"Use
- of HTTPS ensures server/service authentication and protects data in transit
- from network layer eavesdropping attacks.","metadata":{"category":"Security
- Center","deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"api"},{"field":"kind","equals":"apiApp"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"OnlyHttpsForApiApp","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d","type":"Microsoft.Authorization/policyDefinitions","name":"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"}'
+ string: '{"properties":{"displayName":"Allowed locations","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy enables you to restrict the locations your organization can specify
+ when deploying resources. Use to enforce your geo-compliance requirements.
+ Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and
+ resources that use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
+ list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1145'
+ - '1066'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:58 GMT
+ - Fri, 06 Dec 2019 22:16:40 GMT
expires:
- '-1'
pragma:
@@ -28191,16 +41765,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c8abcef9-fc26-482f-b8db-5fa60ee4586d'' could not be found."}}'
+ ''e5b81f87-9185-4224-bf00-9f505e9f89f3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28209,7 +41783,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:59 GMT
+ - Fri, 06 Dec 2019 22:16:42 GMT
expires:
- '-1'
pragma:
@@ -28235,31 +41809,38 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Interactive Logon''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Interactive Logon''. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsInteractiveLogon","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d","type":"Mi
crosoft.Authorization/policyDefinitions","name":"c8abcef9-fc26-482f-b8db-5fa60ee4586d"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Accounts''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
+ Guest account status","description":"Specifies whether the local Guest account
+ is disabled."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[
base64(concat(''Accounts:
+ Guest account status;ExpectedValue'', ''='', parameters(''AccountsGuestAccountStatus'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAccounts"},"AccountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AccountsGuestAccountStatus":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Accounts:
+ Guest account status;ExpectedValue","value":"[parameters(''AccountsGuestAccountStatus'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","type":"Microsoft.Authorization/policyDefinitions","name":"e5b81f87-9185-4224-bf00-9f505e9f89f3"}'
headers:
cache-control:
- no-cache
content-length:
- - '2673'
+ - '5066'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:20:59 GMT
+ - Fri, 06 Dec 2019 22:16:43 GMT
expires:
- '-1'
pragma:
@@ -28289,16 +41870,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c95c74d9-38fe-4f0d-af86-0c7d626a315c'' could not be found."}}'
+ ''e67687e8-08d5-4e7f-8226-5b4753bba008'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28307,7 +41888,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:21:00 GMT
+ - Fri, 06 Dec 2019 22:16:45 GMT
expires:
- '-1'
pragma:
@@ -28333,31 +41914,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Data Lake Analytics
- should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- enabling of diagnostic logs. This enables you to recreate activity trails
- to use for investigation purposes; when a security incident occurs or when
- your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","type":"Microsoft.Authorization/policyDefinitions","name":"c95c74d9-38fe-4f0d-af86-0c7d626a315c"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
+ that are not using latest supported Node.js Framework","policyType":"BuiltIn","mode":"All","description":"Use
+ the latest supported Node.js version for the latest security classes. Using
+ older classes and types can make your application vulnerable.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"}'
headers:
cache-control:
- no-cache
content-length:
- - '1799'
+ - '1228'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:21:00 GMT
+ - Fri, 06 Dec 2019 22:16:46 GMT
expires:
- '-1'
pragma:
@@ -28387,16 +41966,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c961dac9-5916-42e8-8fb1-703148323994'' could not be found."}}'
+ ''e71308d3-144b-4262-b144-efdc3cc90517'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28405,7 +41984,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:21:26 GMT
+ - Fri, 06 Dec 2019 22:16:48 GMT
expires:
- '-1'
pragma:
@@ -28431,31 +42010,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''User Rights Assignment''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''User Rights Assignment''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_UserRightsAssignment","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994","type":"Microsoft.Aut
horization/policyDefinitions","name":"c961dac9-5916-42e8-8fb1-703148323994"}'
+ string: '{"properties":{"displayName":"Subnets should be associated with a Network
+ Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
+ your subnet from potential threats by restricting access to it with a Network
+ Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
+ that allow or deny network traffic to your subnet.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"}'
headers:
cache-control:
- no-cache
content-length:
- - '2634'
+ - '1162'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:21:46 GMT
+ - Fri, 06 Dec 2019 22:16:50 GMT
expires:
- '-1'
pragma:
@@ -28485,16 +42063,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c96f3246-4382-4264-bf6b-af0b35e23c3c'' could not be found."}}'
+ ''e756b945-1b1b-480b-8de8-9a0859d5f7ad'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28503,7 +42081,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:21:48 GMT
+ - Fri, 06 Dec 2019 22:16:52 GMT
expires:
- '-1'
pragma:
@@ -28529,38 +42107,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs with a pending reboot","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with a pending reboot. It also creates a system-assigned managed identity
- and deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPendingReboot","roleDefinitionIds":["/providers/microsoft.authorization/roleD
efinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPendingReboot"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c","type":"Microsoft.Authorization/policyDefinitions","name":"c96f3246-4382-4264-bf6b-af0b35e23c3c"}'
+ string: '{"properties":{"displayName":"Advanced Threat Protection types should
+ be set to ''All'' in SQL server Advanced Data Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
+ is recommended to enable all Advanced Threat Protection types on your SQL
+ servers. Enabling all types protects against SQL injection, database vulnerabilities,
+ and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"}'
headers:
cache-control:
- no-cache
content-length:
- - '5107'
+ - '1137'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:21:48 GMT
+ - Fri, 06 Dec 2019 22:16:53 GMT
expires:
- '-1'
pragma:
@@ -28590,16 +42159,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c9c29499-c1d1-4195-99bd-2ec9e3a9dc89'' could not be found."}}'
+ ''e765b5de-1225-4ba3-bd56-1ac6695af988'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28608,7 +42177,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:04 GMT
+ - Fri, 06 Dec 2019 22:16:55 GMT
expires:
- '-1'
pragma:
@@ -28634,38 +42203,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Network
- Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy automatically deploys diagnostic settings to network security groups.
- A storage account with name ''{storagePrefixParameter}{NSGLocation}'' will
- be automatically created.","metadata":{"category":"Monitoring"},"parameters":{"storagePrefix":{"type":"String","metadata":{"displayName":"Storage
- Account Prefix for Regional Storage Account","description":"This prefix will
- be combined with the network security group location to form the created storage
- account name."}},"rgName":{"type":"String","metadata":{"displayName":"Resource
- Group Name for Storage Account (must exist)","description":"The resource group
- that the storage account will be created in. This resource group must already
- exist.","strongType":"ExistingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"setbypolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"},"storagePrefix":{"type":"string"},"nsgName":{"type":"string"},"rgName":{"type":"string"}},"variables":{"storageDeployName":"[concat(''policyStorage_'',
- uniqueString(parameters(''location''), parameters(''nsgName'')))]"},"resources":[{"type":"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings","name":"[concat(parameters(''nsgName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","dependsOn":["[variables(''storageDeployName'')]"],"properties":{"storageAccountId":"[reference(variables(''storageDeployName'')).outputs.storageAccountId.value]","logs":[{"category":"NetworkSecurityGroupEvent","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"NetworkSecurityGroupRuleCounter","enabled":true,"retentionPolicy":{"enabled":false,"days":0}}]}},{"apiVersion":"2017-05-10","name":"[variables(''storageDeployName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''rgName'')]","properties":{"mode":"incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storagePrefix":{"value":"[parameters(''storagePrefix'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"},"storagePrefix":{"type":"string"}},"resources":[{"apiVersion":"2017-06-01","type":"Microsoft.Storage/storageAccounts","name":"[concat(parameters(''storageprefix''),
- parameters(''location''))]","sku":{"name":"Standard_LRS","tier":"Standard"},"kind":"Storage","location":"[parameters(''location'')]","tags":{"created-by":"policy"},"scale":null,"properties":{"networkAcls":{"bypass":"AzureServices","defaultAction":"Allow","ipRules":[],"virtualNetworkRules":[]},"supportsHttpsTrafficOnly":true}}],"outputs":{"storageAccountId":{"type":"string","value":"[resourceId(parameters(''rgName''),
- ''Microsoft.Storage/storageAccounts'',concat(parameters(''storagePrefix''),
- parameters(''location'')))]"}}}}}]},"parameters":{"location":{"value":"[field(''location'')]"},"storagePrefix":{"value":"[parameters(''storagePrefix'')]"},"rgName":{"value":"[parameters(''rgName'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","type":"Microsoft.Authorization/policyDefinitions","name":"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89"}'
+ string: '{"properties":{"displayName":"Allowed locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
+ policy enables you to restrict the locations your organization can create
+ resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
+ list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
+ locations"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"}'
headers:
cache-control:
- no-cache
content-length:
- - '3906'
+ - '908'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:04 GMT
+ - Fri, 06 Dec 2019 22:16:56 GMT
expires:
- '-1'
pragma:
@@ -28695,16 +42254,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''c9d007d0-c057-4772-b18c-01e546713bcd'' could not be found."}}'
+ ''e797f851-8be7-4c40-bb56-2e3395215b0e'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28713,7 +42272,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:04 GMT
+ - Fri, 06 Dec 2019 22:16:58 GMT
expires:
- '-1'
pragma:
@@ -28739,31 +42298,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Storage accounts should allow access
- from trusted Microsoft services","policyType":"BuiltIn","mode":"Indexed","description":"Some
- Microsoft services that interact with storage accounts operate from networks
- that can''t be granted access through network rules. To help this type of
- service work as intended, allow the set of trusted Microsoft services to bypass
- the network rules. These services will then use strong authentication to access
- the storage account.","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The
- effect determines what happens when the policy rule is evaluated to match"},"allowedValues":["Audit","Deny","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","exists":"true"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.bypass","notContains":"AzureServices"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd","type":"Microsoft.Authorization/policyDefinitions","name":"c9d007d0-c057-4772-b18c-01e546713bcd"}'
+ string: '{"properties":{"displayName":"[Deprecated]: Audit Web Sockets state
+ for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
+ Web Sockets protocol is vulnerable to different types of security threats.
+ Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
+ Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"}'
headers:
cache-control:
- no-cache
content-length:
- - '1273'
+ - '1275'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:05 GMT
+ - Fri, 06 Dec 2019 22:17:00 GMT
expires:
- '-1'
pragma:
@@ -28793,16 +42350,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cb510bfd-1cba-4d9f-a230-cb0976f4bb71'' could not be found."}}'
+ ''e802a67a-daf5-4436-9ea6-f6d821dd0c5d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28811,7 +42368,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:05 GMT
+ - Fri, 06 Dec 2019 22:17:01 GMT
expires:
- '-1'
pragma:
@@ -28837,28 +42394,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Remote debugging should be turned off
- for Web Applications","policyType":"BuiltIn","mode":"Indexed","description":"Remote
- debugging requires inbound ports to be opened on a web application. Remote
- debugging should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71","type":"Microsoft.Authorization/policyDefinitions","name":"cb510bfd-1cba-4d9f-a230-cb0976f4bb71"}'
+ string: '{"properties":{"displayName":"Enforce SSL connection should be enabled
+ for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any MySQL server that is not enforcing SSL connection. Azure
+ Database for MySQL supports connecting your Azure Database for MySQL server
+ to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections
+ between your database server and your client applications helps protect against
+ ''man in the middle'' attacks by encrypting the data stream between the server
+ and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1021'
+ - '1280'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:05 GMT
+ - Fri, 06 Dec 2019 22:17:02 GMT
expires:
- '-1'
pragma:
@@ -28888,16 +42449,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cc7cda28-f867-4311-8497-a526129a8d19'' could not be found."}}'
+ ''e8cbc669-f12d-49eb-93e7-9273119e9933'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -28906,7 +42467,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:05 GMT
+ - Fri, 06 Dec 2019 22:17:05 GMT
expires:
- '-1'
pragma:
@@ -28932,31 +42493,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs in
- which the Administrators group does not contain only the specified members","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines in which the Administrators group does not
- contain only the specified members. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembers","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","e
quals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19","type":"Microsoft.Authorization/policyDefinitions","name":"cc7cda28-f867-4311-8497-a526129a8d19"}'
+ string: '{"properties":{"displayName":"Vulnerabilities in container security
+ configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
+ vulnerabilities in security configuration on machines with Docker installed
+ and display as recommendations in Azure Security Center.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"}'
headers:
cache-control:
- no-cache
content-length:
- - '2799'
+ - '1167'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:05 GMT
+ - Fri, 06 Dec 2019 22:17:07 GMT
expires:
- '-1'
pragma:
@@ -28986,16 +42545,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349'' could not be found."}}'
+ ''e8d096bc-85de-4c5f-8cfb-857bd1b9d62d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29004,7 +42563,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:06 GMT
+ - Fri, 06 Dec 2019 22:17:08 GMT
expires:
- '-1'
pragma:
@@ -29030,30 +42589,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Sensitive data in your SQL
- databases should be classified","policyType":"BuiltIn","mode":"Indexed","description":"Azure
- Security Center monitors the data discovery and classification scan results
- for your SQL databases and provides recommendations to classify the sensitive
- data in your databases for better monitoring and security","metadata":{"category":"Security
- Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedInstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlDataClassification","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349","type":"Microsoft.Authorization/policyDefinitions","name":"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Data Lake
+ Storage Gen1 to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Data Lake Storage Gen1 to stream to a regional
+ Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic
+ settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Audit","enabled":"[parameters(''logsEnabled'')]"},{"category":"Requests","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d","type":"Microsoft.Authorization/policyDefinitions","name":"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1217'
+ - '3825'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:06 GMT
+ - Fri, 06 Dec 2019 22:17:10 GMT
expires:
- '-1'
pragma:
@@ -29083,16 +42652,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cccc23c7-8427-4f53-ad12-b6a63eb452b3'' could not be found."}}'
+ ''e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29101,7 +42670,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:06 GMT
+ - Fri, 06 Dec 2019 22:17:12 GMT
expires:
- '-1'
pragma:
@@ -29127,28 +42696,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allowed virtual machine SKUs","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy enables you to specify a set of virtual machine SKUs that your organization
- can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The
- list of SKUs that can be specified for virtual machines.","displayName":"Allowed
- SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"}'
+ string: '{"properties":{"displayName":"Remote debugging should be turned off
+ for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
+ debugging requires inbound ports to be opened on an API apps. Remote debugging
+ should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"}'
headers:
cache-control:
- no-cache
content-length:
- - '861'
+ - '1007'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:06 GMT
+ - Fri, 06 Dec 2019 22:17:13 GMT
expires:
- '-1'
pragma:
@@ -29178,16 +42747,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cd8dc879-a2ae-43c3-8211-1877c5755064'' could not be found."}}'
+ ''ea3f2387-9b95-492a-a190-fcdc54f7b070'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29196,7 +42765,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:08 GMT
+ - Fri, 06 Dec 2019 22:17:15 GMT
expires:
- '-1'
pragma:
@@ -29222,26 +42791,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation if ''department''
- tag set","policyType":"BuiltIn","mode":"Indexed","description":"Allows resource
- creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"}'
+ string: '{"properties":{"displayName":"Inherit a tag from the resource group
+ if missing","policyType":"BuiltIn","mode":"Indexed","description":"Adds the
+ specified tag with its value from the parent resource group when any resource
+ missing this tag is created or updated. Existing resources can be remediated
+ by triggering a remediation task. If the tag exists with a different value
+ it will not be changed.","metadata":{"category":"Tags"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag
+ Name","description":"Name of the tag, such as ''environment''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","exists":"false"},{"value":"[resourceGroup().tags[parameters(''tagName'')]]","notEquals":""}]},"then":{"effect":"modify","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"operations":[{"operation":"add","field":"[concat(''tags['',
+ parameters(''tagName''), '']'')]","value":"[resourceGroup().tags[parameters(''tagName'')]]"}]}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070","type":"Microsoft.Authorization/policyDefinitions","name":"ea3f2387-9b95-492a-a190-fcdc54f7b070"}'
headers:
cache-control:
- no-cache
content-length:
- - '556'
+ - '1239'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:08 GMT
+ - Fri, 06 Dec 2019 22:17:16 GMT
expires:
- '-1'
pragma:
@@ -29271,16 +42846,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cdbf72d9-ac9c-4026-8a3a-491a5ac59293'' could not be found."}}'
+ ''ea4d6841-2173-4317-9747-ff522a45120f'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29289,7 +42864,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:08 GMT
+ - Fri, 06 Dec 2019 22:17:19 GMT
expires:
- '-1'
pragma:
@@ -29315,30 +42890,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that allow re-use of the previous 24 passwords","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that allow re-use of the previous 24 passwords.
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equal
s":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"}'
+ string: '{"properties":{"displayName":"Key Vault should use a virtual network
+ service endpoint","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Key Vault not configured to use a virtual network service
+ endpoint.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"anyOf":[{"field":"Microsoft.KeyVault/vaults/networkAcls.defaultAction","notEquals":"Deny"},{"field":"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id","exists":"false"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f","type":"Microsoft.Authorization/policyDefinitions","name":"ea4d6841-2173-4317-9747-ff522a45120f"}'
headers:
cache-control:
- no-cache
content-length:
- - '2744'
+ - '980'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:08 GMT
+ - Fri, 06 Dec 2019 22:17:20 GMT
expires:
- '-1'
pragma:
@@ -29368,16 +42941,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ce2370f6-0ac5-4d85-8ab4-10721cc640b0'' could not be found."}}'
+ ''eaebaea7-8013-4ceb-9d14-7eb32271373c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29386,7 +42959,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:09 GMT
+ - Fri, 06 Dec 2019 22:17:21 GMT
expires:
- '-1'
pragma:
@@ -29412,34 +42985,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - Privilege Use''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - Privilege Use''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPrivilegeUse","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"v
alue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesPrivilegeUse"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0","type":"Microsoft.Authorization/policyDefinitions","name":"ce2370f6-0ac5-4d85-8ab4-10721cc640b0"}'
+ string: '{"properties":{"displayName":"Ensure Function app has ''Client Certificates
+ (Incoming client certificates)'' set to ''On''","policyType":"BuiltIn","mode":"Indexed","description":"Client
+ certificates allow for the app to request a certificate for incoming requests.
+ Only clients that have a valid certificate will be able to reach the app.","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"},{"field":"Microsoft.Web/sites/clientCertEnabled","equals":"false"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c","type":"Microsoft.Authorization/policyDefinitions","name":"eaebaea7-8013-4ceb-9d14-7eb32271373c"}'
headers:
cache-control:
- no-cache
content-length:
- - '4394'
+ - '998'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:09 GMT
+ - Fri, 06 Dec 2019 22:17:23 GMT
expires:
- '-1'
pragma:
@@ -29469,16 +43037,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''cf820ca0-f99e-4f3e-84fb-66e913812d21'' could not be found."}}'
+ ''eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29487,7 +43055,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:08 GMT
+ - Fri, 06 Dec 2019 22:17:26 GMT
expires:
- '-1'
pragma:
@@ -29513,31 +43081,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Key Vault should be
- enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"}'
+ string: '{"properties":{"displayName":"Log checkpoints should be enabled for
+ PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_checkpoints
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_checkpoints","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1778'
+ - '1032'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:09 GMT
+ - Fri, 06 Dec 2019 22:17:27 GMT
expires:
- '-1'
pragma:
@@ -29567,16 +43132,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''d158790f-bfb0-486c-8631-2dc6b4e8e6af'' could not be found."}}'
+ ''eb6f77b9-bd53-4e35-a23d-7f65d5f0e442'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29585,7 +43150,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:10 GMT
+ - Fri, 06 Dec 2019 22:17:29 GMT
expires:
- '-1'
pragma:
@@ -29611,32 +43176,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Enforce SSL connection should be enabled
- for PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy audits any PostgreSQL server that is not enforcing SSL connection.
- Azure Database for PostgreSQL prefers connecting your client applications
- to the PostgreSQL service using Secure Sockets Layer (SSL). Enforcing SSL
- connections between your database server and your client applications helps
- protect against ''man-in-the-middle'' attacks by encrypting the data stream
- between the server and your application","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforPostgreSQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af","type":"Microsoft.Authorization/policyDefinitions","name":"d158790f-bfb0-486c-8631-2dc6b4e8e6af"}'
+ string: '{"properties":{"displayName":"Log connections should be enabled for
+ PostgreSQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_connections
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_connections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442"}'
headers:
cache-control:
- no-cache
content-length:
- - '1299'
+ - '1032'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:10 GMT
+ - Fri, 06 Dec 2019 22:17:31 GMT
expires:
- '-1'
pragma:
@@ -29666,16 +43227,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''d1cb47db-b7a1-4c46-814e-aad1c0e84f3c'' could not be found."}}'
+ ''eb6f77b9-bd53-4e35-a23d-7f65d5f0e446'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29684,7 +43245,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:10 GMT
+ - Fri, 06 Dec 2019 22:17:33 GMT
expires:
- '-1'
pragma:
@@ -29710,28 +43271,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Function Apps that
- are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
- of custom domains protects a Function app from common attacks such as phishing
- and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"functionapp"},{"field":"kind","equals":"functionapp,linux"},{"field":"kind","equals":"functionapp,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c","type":"Microsoft.Authorization/policyDefinitions","name":"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c"}'
+ string: '{"properties":{"displayName":"Disconnections should be logged for PostgreSQL
+ database servers.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_disconnections
+ enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_disconnections","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446"}'
headers:
cache-control:
- no-cache
content-length:
- - '1235'
+ - '1029'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:10 GMT
+ - Fri, 06 Dec 2019 22:17:35 GMT
expires:
- '-1'
pragma:
@@ -29761,16 +43322,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''d38b4c26-9d2e-47d7-aefe-18d859a8706a'' could not be found."}}'
+ ''eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29779,7 +43340,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:10 GMT
+ - Fri, 06 Dec 2019 22:17:37 GMT
expires:
- '-1'
pragma:
@@ -29805,40 +43366,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs on which the DSC configuration is not compliant","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows VMs on which
- the Desired State Configuration (DSC) configuration is not compliant. This
- policy is only applicable to machines with WMF 4 and above. It also creates
- a system-assigned managed identity and deploys the VM extension for Guest
- Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsDscConfiguration","roleDefinitionIds":["/providers/microsoft.authorization/ro
leDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsDscConfiguration"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a","type":"Microsoft.Authorization/policyDefinitions","name":"d38b4c26-9d2e-47d7-aefe-18d859a8706a"}'
+ string: '{"properties":{"displayName":"Log duration should be enabled for PostgreSQL
+ database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy helps audit any PostgreSQL databases in your environment without log_duration
+ setting enabled.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DBforPostgreSQL/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.DBforPostgreSQL/servers/configurations","name":"log_duration","existenceCondition":{"field":"Microsoft.DBforPostgreSQL/servers/configurations/value","equals":"ON"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3","type":"Microsoft.Authorization/policyDefinitions","name":"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3"}'
headers:
cache-control:
- no-cache
content-length:
- - '5258'
+ - '1023'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:10 GMT
+ - Fri, 06 Dec 2019 22:17:39 GMT
expires:
- '-1'
pragma:
@@ -29868,16 +43417,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''d7ccd0ca-8d78-42af-a43d-6b7f928accbc'' could not be found."}}'
+ ''ebb62a0c-3560-49e1-89ed-27e074e9f8ad'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29886,7 +43435,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:11 GMT
+ - Fri, 06 Dec 2019 22:17:41 GMT
expires:
- '-1'
pragma:
@@ -29912,30 +43461,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows Server
- VMs on which Windows Serial Console is not enabled","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows Server virtual machines on which Windows Serial Console is
- not enabled. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsSerialConsole","existenceCondition":{"field":"Microsoft.GuestConfiguratio
n/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc","type":"Microsoft.Authorization/policyDefinitions","name":"d7ccd0ca-8d78-42af-a43d-6b7f928accbc"}'
+ string: '{"properties":{"displayName":"Deprecated accounts with owner permissions
+ should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
+ accounts with owner permissions should be removed from your subscription. Deprecated
+ accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
+ Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","type":"Microsoft.Authorization/policyDefinitions","name":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad"}'
headers:
cache-control:
- no-cache
content-length:
- - '2745'
+ - '1138'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:11 GMT
+ - Fri, 06 Dec 2019 22:17:42 GMT
expires:
- '-1'
pragma:
@@ -29965,16 +43513,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''dd2ea520-6b06-45c3-806e-ea297c23e06a'' could not be found."}}'
+ ''ec49586f-4939-402d-a29e-6ff502b20592'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -29983,7 +43531,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:12 GMT
+ - Fri, 06 Dec 2019 22:17:45 GMT
expires:
- '-1'
pragma:
@@ -30009,28 +43557,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
- that are not using custom domains","policyType":"BuiltIn","mode":"All","description":"Use
- of custom domains protects a web application from common attacks such as phishing
- and other DNS-related attacks.","metadata":{"category":"Security Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UsedCustomDomains","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a","type":"Microsoft.Authorization/policyDefinitions","name":"dd2ea520-6b06-45c3-806e-ea297c23e06a"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Linux VMs that allow remote connections from accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Linux virtual machines
+ that allow remote connections from accounts without passwords. It also creates
+ a system-assigned managed identity and deploys the VM extension for Guest
+ Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"}'
headers:
cache-control:
- no-cache
content-length:
- - '1252'
+ - '5710'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:12 GMT
+ - Fri, 06 Dec 2019 22:17:46 GMT
expires:
- '-1'
pragma:
@@ -30060,16 +43619,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''dd4680ed-0559-4a6a-ad10-081d14cbb484'' could not be found."}}'
+ ''ec7ac234-2af5-4729-94d2-c557c071799d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30078,7 +43637,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:13 GMT
+ - Fri, 06 Dec 2019 22:17:48 GMT
expires:
- '-1'
pragma:
@@ -30104,31 +43663,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''System Audit Policies - Policy Change''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''System Audit Policies - Policy Change''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesPolicyChange","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484","type":"Mi
crosoft.Authorization/policyDefinitions","name":"dd4680ed-0559-4a6a-ad10-081d14cbb484"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Administrative Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Administrative Templates
+ - Control Panel''. It also creates a system-assigned managed identity and
+ deploys the VM extension for Guest Configuration. This policy should only
+ be used along with its corresponding audit policy in an initiative. For more
+ information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName"
:{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"}'
headers:
cache-control:
- no-cache
content-length:
- - '2675'
+ - '4408'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:13 GMT
+ - Fri, 06 Dec 2019 22:17:49 GMT
expires:
- '-1'
pragma:
@@ -30158,16 +43720,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ddb53c61-9db4-41d4-a953-2abff5b66c12'' could not be found."}}'
+ ''ed7c8c13-51e7-49d1-8a43-8490431a0da2'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30176,7 +43738,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:13 GMT
+ - Fri, 06 Dec 2019 22:17:51 GMT
expires:
- '-1'
pragma:
@@ -30202,31 +43764,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Settings - Account Policies''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Settings - Account Policies''. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecuritySettingsAccountPolicies","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12","type":"Mi
crosoft.Authorization/policyDefinitions","name":"ddb53c61-9db4-41d4-a953-2abff5b66c12"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Key Vault
+ to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Key Vault to stream to a regional Event Hub when
+ any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
+ Vault"},"parameters":{"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
+ diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"}'
headers:
cache-control:
- no-cache
content-length:
- - '2673'
+ - '3571'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:13 GMT
+ - Fri, 06 Dec 2019 22:17:52 GMT
expires:
- '-1'
pragma:
@@ -30256,16 +43827,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b'' could not be found."}}'
+ ''edf3780c-3d70-40fe-b17e-ab72013dafca'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30274,7 +43845,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:14 GMT
+ - Fri, 06 Dec 2019 22:17:54 GMT
expires:
- '-1'
pragma:
@@ -30300,40 +43871,40 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Recovery console''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Recovery console''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"String","metadata":{"displayName":"Recovery
- console: Allow floppy copy and access to all drives and all folders","description":"Specifies
- whether to make the Recovery Console SET command available, which allows setting
- of recovery console environment variables."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsRecoveryconsole","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationA
ssignments/parameterHash","equals":"[base64(concat(''Recovery
- console: Allow floppy copy and access to all drives and all folders;ExpectedValue'',
- ''='', parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsRecoveryconsole"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Recovery
- console: Allow floppy copy and access to all drives and all folders;ExpectedValue","value":"[parameters(''RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b","type":"Microsoft.Authorization/policyDefinitions","name":"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Stream
+ Analytics to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Stream Analytics to stream to a regional Event
+ Hub when any Stream Analytics which is missing this diagnostic settings is
+ created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"Execution","enabled":"[parameters(''logsEnabled'')]"},{"category":"Authoring","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca","type":"Microsoft.Authorization/policyDefinitions","name":"edf3780c-3d70-40fe-b17e-ab72013dafca"}'
headers:
cache-control:
- no-cache
content-length:
- - '5535'
+ - '3826'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:14 GMT
+ - Fri, 06 Dec 2019 22:17:56 GMT
expires:
- '-1'
pragma:
@@ -30363,16 +43934,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e01598e8-6538-41ed-95e8-8b29746cd697'' could not be found."}}'
+ ''ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30381,7 +43952,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:14 GMT
+ - Fri, 06 Dec 2019 22:17:58 GMT
expires:
- '-1'
pragma:
@@ -30407,26 +43978,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allow resource creation only in Japan
- data centers","policyType":"BuiltIn","mode":"Indexed","description":"Allows
- resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"}'
+ string: '{"properties":{"displayName":"Vulnerability assessment should be enabled
+ on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ Azure SQL servers which do not have recurring vulnerability assessment scans
+ enabled. Vulnerability assessment can discover, track, and help you remediate
+ potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"}'
headers:
cache-control:
- no-cache
content-length:
- - '587'
+ - '1113'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:14 GMT
+ - Fri, 06 Dec 2019 22:18:00 GMT
expires:
- '-1'
pragma:
@@ -30456,16 +44030,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e0efc13a-122a-47c5-b817-2ccfe5d12615'' could not be found."}}'
+ ''ef7b61ef-b8e4-4c91-8e78-6946c6b0023f'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30474,7 +44048,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:14 GMT
+ - Fri, 06 Dec 2019 22:18:02 GMT
expires:
- '-1'
pragma:
@@ -30500,41 +44074,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs that do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- where Windows PowerShell is not configured to use the specified PowerShell
- execution policy. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ExecutionPolicy":{"type":"String","metadata":{"displayName":"PowerShell
- Execution Policy","description":"The expected PowerShell execution policy."},"allowedValues":["AllSigned","Bypass","Default","RemoteSigned","Restricted","Undefined","Unrestricted"]}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConf
igurationAssignments","name":"WindowsPowerShellExecutionPolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy'',
- ''='', parameters(''ExecutionPolicy'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"WindowsPowerShellExecutionPolicy"},"ExecutionPolicy":{"value":"[parameters(''ExecutionPolicy'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ExecutionPolicy":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy","value":"[parameters(''ExecutionPolicy'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615","type":"Microsoft.Authorization/policyDefinitions","name":"e0efc13a-122a-47c5-b817-2ccfe5d12615"}'
+ string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Event
+ Hub to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
+ the diagnostic settings for Event Hub to stream to a regional Event Hub when
+ any Event Hub which is missing this diagnostic settings is created or updated.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["DeployIfNotExists","Disabled"],"defaultValue":"DeployIfNotExists"},"profileName":{"type":"String","metadata":{"displayName":"Profile
+ name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy_eventHub"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
+ Hub Authorization Rule Id","description":"The Event Hub authorization rule
+ Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
+ namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
+ group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
+ rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ metrics","description":"Whether to enable metrics stream to the Event Hub
+ - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
+ logs","description":"Whether to enable logs stream to the Event Hub - True
+ or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"resourceName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"variables":{},"resources":[{"type":"Microsoft.EventHub/namespaces/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''resourceName''),
+ ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"ArchiveLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"OperationalLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"AutoScaleLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"KafkaCoordinatorLogs","enabled":"[parameters(''logsEnabled'')]"},{"category":"EventHubVNetConnectionEvent","enabled":"[parameters(''logsEnabled'')]"},{"category":"CustomerManagedKeyUserLogs","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{}},"parameters":{"location":{"value":"[field(''location'')]"},"resourceName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f","type":"Microsoft.Authorization/policyDefinitions","name":"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f"}'
headers:
cache-control:
- no-cache
content-length:
- - '6157'
+ - '4103'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:14 GMT
+ - Fri, 06 Dec 2019 22:18:03 GMT
expires:
- '-1'
pragma:
@@ -30564,16 +44136,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15'' could not be found."}}'
+ ''efbde977-ba53-4479-b8e9-10b957924fbf'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30582,7 +44154,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:15 GMT
+ - Fri, 06 Dec 2019 22:18:05 GMT
expires:
- '-1'
pragma:
@@ -30608,28 +44180,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerabilities in security configuration
- on your machines should be remediated","policyType":"BuiltIn","mode":"All","description":"Servers
- which do not satisfy the configured baseline will be monitored by Azure Security
- Center as recommendations","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"}'
+ string: '{"properties":{"displayName":"The Log Analytics agent should be installed
+ on Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics
+ agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","in":["MicrosoftMonitoringAgent","OmsAgentForLinux"]},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState","equals":"Succeeded"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId","exists":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf","type":"Microsoft.Authorization/policyDefinitions","name":"efbde977-ba53-4479-b8e9-10b957924fbf"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '1416'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:15 GMT
+ - Fri, 06 Dec 2019 22:18:06 GMT
expires:
- '-1'
pragma:
@@ -30659,16 +44231,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e2dd799a-a932-4e9d-ac17-d473bc3c6c10'' could not be found."}}'
+ ''f0473e7a-a1ba-4e86-afb2-e829e11b01d8'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30677,7 +44249,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:16 GMT
+ - Fri, 06 Dec 2019 22:18:08 GMT
expires:
- '-1'
pragma:
@@ -30703,32 +44275,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment
- in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports
- VMSS as non-compliant if the VM Image (OS) is not in the list defined and
- the agent is not installed. The list of OS images will be updated over time
- as support is updated.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Windows OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional:
- List of VM images that have supported Linux OS to add to scope","description":"Example
- value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH","2019-Datacenter","2019-Datacenter-Core","2019-Datacenter-Core-smalldisk","2019-Datacenter-Core-with-Containers","2019-Datacenter-Core-with-Containers-smalldisk","2019-Datacenter-smalldisk","2019-Datacenter-with-Containers","2019-Datacenter-with-Containers-smalldisk","2019-Datacenter-zhcn"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Mi
crosoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2","12-SP3","12-SP4"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Op
enLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"}'
+ string: '{"properties":{"displayName":"Ensure that Register with Azure Active
+ Directory is enabled on Function App","policyType":"BuiltIn","mode":"Indexed","description":"Managed
+ service identity in App Service makes the app more secure by eliminating secrets
+ from the app, such as credentials in the connection strings. When registering
+ with Azure Active Directory in the app service, the app will connect to other
+ Azure services securely without the need of username and passwords","metadata":{"category":"App
+ Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/web.managedServiceIdentityId","exists":"true"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8","type":"Microsoft.Authorization/policyDefinitions","name":"f0473e7a-a1ba-4e86-afb2-e829e11b01d8"}'
headers:
cache-control:
- no-cache
content-length:
- - '5770'
+ - '1258'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:16 GMT
+ - Fri, 06 Dec 2019 22:18:10 GMT
expires:
- '-1'
pragma:
@@ -30758,16 +44329,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e3576e28-8b17-4677-84c3-db2990658d64'' could not be found."}}'
+ ''f0633351-c7b2-41ff-9981-508fc08553c2'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30776,7 +44347,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:16 GMT
+ - Fri, 06 Dec 2019 22:18:12 GMT
expires:
- '-1'
pragma:
@@ -30802,29 +44373,43 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"MFA should be enabled on accounts with
- read permissions on your subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor
- Authentication (MFA) should be enabled for all subscription accounts with
- read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","type":"Microsoft.Authorization/policyDefinitions","name":"e3576e28-8b17-4677-84c3-db2990658d64"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
+ VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that have the specified applications installed. It also creates a system-assigned
+ managed identity and deploys the VM extension for Guest Configuration. This
+ policy should only be used along with its corresponding audit policy in an
+ initiative. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
+ names (supports wildcards)","description":"A semicolon-separated list of the
+ names of the applications that should not be installed. e.g. ''Microsoft SQL
+ Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
+ 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.au
thorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
+ ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"}'
headers:
cache-control:
- no-cache
content-length:
- - '1104'
+ - '6244'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:16 GMT
+ - Fri, 06 Dec 2019 22:18:13 GMT
expires:
- '-1'
pragma:
@@ -30854,16 +44439,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e3a77a94-cf41-4ee8-b45c-98be28841c03'' could not be found."}}'
+ ''f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30872,7 +44457,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:17 GMT
+ - Fri, 06 Dec 2019 22:18:16 GMT
expires:
- '-1'
pragma:
@@ -30898,31 +44483,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Shutdown''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Shutdown''. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsShutdown","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03","type":"Microsoft.
Authorization/policyDefinitions","name":"e3a77a94-cf41-4ee8-b45c-98be28841c03"}'
+ string: '{"properties":{"displayName":"Latest TLS version should be used in
+ your Web App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"app*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b","type":"Microsoft.Authorization/policyDefinitions","name":"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b"}'
headers:
cache-control:
- no-cache
content-length:
- - '2647'
+ - '930'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:17 GMT
+ - Fri, 06 Dec 2019 22:18:17 GMT
expires:
- '-1'
pragma:
@@ -30952,16 +44533,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e3d95ab7-f47a-49d8-a347-784177b6c94c'' could not be found."}}'
+ ''f1776c76-f58c-4245-a8d0-2b207198dc8b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -30970,7 +44551,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:17 GMT
+ - Fri, 06 Dec 2019 22:18:20 GMT
expires:
- '-1'
pragma:
@@ -30996,59 +44577,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Settings - Account Policies''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Settings
- - Account Policies''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"EnforcePasswordHistory":{"type":"String","metadata":{"displayName":"Enforce
- password history","description":"Specifies limits on password reuse - how
- many times a new password must be created for a user account before the password
- can be repeated."},"defaultValue":"24"},"MaximumPasswordAge":{"type":"String","metadata":{"displayName":"Maximum
- password age","description":"Specifies the maximum number of days that may
- elapse before a user account password must be changed. The format of the value
- is two integers separated by a comma, denoting an inclusive range."},"defaultValue":"1,70"},"MinimumPasswordAge":{"type":"String","metadata":{"displayName":"Minimum
- password age","description":"Specifies the minimum number of days that must
- elapse before a user account password can be changed."},"defaultValue":"1"},"MinimumPasswordLength":{"type":"String","metadata":{"displayName":"Minimum
- password length","description":"Specifies the minimum number of characters
- that a user account password may contain."},"defaultValue":"14"},"PasswordMustMeetComplexityRequirements":{"type":"String","metadata":{"displayName":"Password
- must meet complexity requirements","description":"Specifies whether a user
- account password must be complex. If required, a complex password must not
- contain part of user''s account name or full name; be at least 6 characters
- long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecuritySettingsAccountPolicies","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Micros
oft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''Enforce
- password history;ExpectedValue'', ''='', parameters(''EnforcePasswordHistory''),
- '','', ''Maximum password age;ExpectedValue'', ''='', parameters(''MaximumPasswordAge''),
- '','', ''Minimum password age;ExpectedValue'', ''='', parameters(''MinimumPasswordAge''),
- '','', ''Minimum password length;ExpectedValue'', ''='', parameters(''MinimumPasswordLength''),
- '','', ''Password must meet complexity requirements;ExpectedValue'', ''='',
- parameters(''PasswordMustMeetComplexityRequirements'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecuritySettingsAccountPolicies"},"EnforcePasswordHistory":{"value":"[parameters(''EnforcePasswordHistory'')]"},"MaximumPasswordAge":{"value":"[parameters(''MaximumPasswordAge'')]"},"MinimumPasswordAge":{"value":"[parameters(''MinimumPasswordAge'')]"},"MinimumPasswordLength":{"value":"[parameters(''MinimumPasswordLength'')]"},"PasswordMustMeetComplexityRequirements":{"value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"EnforcePasswordHistory":{"type":"string"},"MaximumPasswordAge":{"type":"string"},"MinimumPasswordAge":{"type":"string"},"MinimumPasswordLength":{"type":"string"},"PasswordMustMeetComplexityRequirements":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Enforce
- password history;ExpectedValue","value":"[parameters(''EnforcePasswordHistory'')]"},{"name":"Maximum
- password age;ExpectedValue","value":"[parameters(''MaximumPasswordAge'')]"},{"name":"Minimum
- password age;ExpectedValue","value":"[parameters(''MinimumPasswordAge'')]"},{"name":"Minimum
- password length;ExpectedValue","value":"[parameters(''MinimumPasswordLength'')]"},{"name":"Password
- must meet complexity requirements;ExpectedValue","value":"[parameters(''PasswordMustMeetComplexityRequirements'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c","type":"Microsoft.Authorization/policyDefinitions","name":"e3d95ab7-f47a-49d8-a347-784177b6c94c"}'
+ string: '{"properties":{"displayName":"Virtual networks should use specified
+ virtual network gateway","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy audits any virtual network if the default route does not point to the
+ specified virtual network gateway.","metadata":{"category":"Network"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"virtualNetworkGatewayId":{"type":"String","metadata":{"displayName":"Virtual
+ network gateway Id","description":"Resource Id of the virtual network gateway.
+ Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Network/virtualNetworks/subnets","name":"GatewaySubnet","existenceCondition":{"not":{"field":"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id","notContains":"[concat(parameters(''virtualNetworkGatewayId''),
+ ''/'')]"}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b","type":"Microsoft.Authorization/policyDefinitions","name":"f1776c76-f58c-4245-a8d0-2b207198dc8b"}'
headers:
cache-control:
- no-cache
content-length:
- - '7614'
+ - '1395'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:17 GMT
+ - Fri, 06 Dec 2019 22:18:21 GMT
expires:
- '-1'
pragma:
@@ -31078,16 +44631,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e425e402-a050-45e5-b010-bd3f934589fc'' could not be found."}}'
+ ''f19aa1c1-6b91-4c27-ae6a-970279f03db9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31096,7 +44649,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:18 GMT
+ - Fri, 06 Dec 2019 22:18:23 GMT
expires:
- '-1'
pragma:
@@ -31122,55 +44675,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - User Account Control''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- User Account Control''. It also creates a system-assigned managed identity
- and deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"type":"String","metadata":{"displayName":"UAC:
- Admin Approval Mode for the Built-in Administrator account","description":"Specifies
- the behavior of Admin Approval Mode for the built-in Administrator account."},"defaultValue":"1"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC:
- Behavior of the elevation prompt for administrators in Admin Approval Mode","description":"Specifies
- the behavior of the elevation prompt for administrators."},"defaultValue":"2"},"UACDetectApplicationInstallationsAndPromptForElevation":{"type":"String","metadata":{"displayName":"UAC:
- Detect application installations and prompt for elevation","description":"Specifies
- the behavior of application installation detection for the computer."},"defaultValue":"1"},"UACRunAllAdministratorsInAdminApprovalMode":{"type":"String","metadata":{"displayName":"UAC:
- Run all administrators in Admin Approval Mode","description":"Specifies the
- behavior of all User Account Control (UAC) policy settings for the computer."},"defaultValue":"1"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsUserAccountControl","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.G
uestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''User
- Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue'',
- ''='', parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount''),
- '','', ''User Account Control: Behavior of the elevation prompt for administrators
- in Admin Approval Mode;ExpectedValue'', ''='', parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode''),
- '','', ''User Account Control: Detect application installations and prompt
- for elevation;ExpectedValue'', ''='', parameters(''UACDetectApplicationInstallationsAndPromptForElevation''),
- '','', ''User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue'',
- ''='', parameters(''UACRunAllAdministratorsInAdminApprovalMode'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsUserAccountControl"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},"UACDetectApplicationInstallationsAndPromptForElevation":{"value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},"UACRunAllAdministratorsInAdminApprovalMode":{"value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"UACAdminApprovalModeForTheBuiltinAdministratorAccount":{"type":"string"},"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode":{"type":"string"},"UACDetectApplicationInstallationsAndPromptForElevation":{"type":"string"},"UACRunAllAdministratorsInAdminApprovalMode":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"User
- Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue","value":"[parameters(''UACAdminApprovalModeForTheBuiltinAdministratorAccount'')]"},{"name":"User
- Account Control: Behavior of the elevation prompt for administrators in Admin
- Approval Mode;ExpectedValue","value":"[parameters(''UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'')]"},{"name":"User
- Account Control: Detect application installations and prompt for elevation;ExpectedValue","value":"[parameters(''UACDetectApplicationInstallationsAndPromptForElevation'')]"},{"name":"User
- Account Control: Run all administrators in Admin Approval Mode;ExpectedValue","value":"[parameters(''UACRunAllAdministratorsInAdminApprovalMode'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc","type":"Microsoft.Authorization/policyDefinitions","name":"e425e402-a050-45e5-b010-bd3f934589fc"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Linux VMs that do not have the passwd file permissions set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Linux virtual machines
+ that do not have the passwd file permissions set to 0644. It also creates
+ a system-assigned managed identity and deploys the VM extension for Guest
+ Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"}'
headers:
cache-control:
- no-cache
content-length:
- - '8034'
+ - '5700'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:18 GMT
+ - Fri, 06 Dec 2019 22:18:24 GMT
expires:
- '-1'
pragma:
@@ -31200,16 +44737,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e56962a6-4747-49cd-b67b-bf8b01975c4c'' could not be found."}}'
+ ''f1f4825d-58fb-4257-8016-8c00e3c9ed9d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31218,7 +44755,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:19 GMT
+ - Fri, 06 Dec 2019 22:18:26 GMT
expires:
- '-1'
pragma:
@@ -31244,30 +44781,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allowed locations","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy enables you to restrict the locations your organization can specify
- when deploying resources. Use to enforce your geo-compliance requirements.
- Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and
- resources that use the ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Adminstrative Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Adminstrative Templates
+ - MSS (Legacy)''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"v
alue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1066'
+ - '4396'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:19 GMT
+ - Fri, 06 Dec 2019 22:18:28 GMT
expires:
- '-1'
pragma:
@@ -31297,16 +44838,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e5b81f87-9185-4224-bf00-9f505e9f89f3'' could not be found."}}'
+ ''f3b44e5d-1456-475f-9c67-c66c4618e85a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31315,7 +44856,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:19 GMT
+ - Fri, 06 Dec 2019 22:18:31 GMT
expires:
- '-1'
pragma:
@@ -31341,38 +44882,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Accounts''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Accounts''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AccountsGuestAccountStatus":{"type":"String","metadata":{"displayName":"Accounts:
- Guest account status","description":"Specifies whether the local Guest account
- is disabled."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsAccounts","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[
base64(concat(''Accounts:
- Guest account status;ExpectedValue'', ''='', parameters(''AccountsGuestAccountStatus'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsAccounts"},"AccountsGuestAccountStatus":{"value":"[parameters(''AccountsGuestAccountStatus'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AccountsGuestAccountStatus":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Accounts:
- Guest account status;ExpectedValue","value":"[parameters(''AccountsGuestAccountStatus'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3","type":"Microsoft.Authorization/policyDefinitions","name":"e5b81f87-9185-4224-bf00-9f505e9f89f3"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs in
+ which the Administrators group does not contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines in which the Administrators group does not
+ contain all of the specified members. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceS
tatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","type":"Microsoft.Authorization/policyDefinitions","name":"f3b44e5d-1456-475f-9c67-c66c4618e85a"}'
headers:
cache-control:
- no-cache
content-length:
- - '5066'
+ - '2812'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:19 GMT
+ - Fri, 06 Dec 2019 22:18:32 GMT
expires:
- '-1'
pragma:
@@ -31402,16 +44936,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e67687e8-08d5-4e7f-8226-5b4753bba008'' could not be found."}}'
+ ''f3b9ad83-000d-4dc1-bff0-6d54533dd03f'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31420,7 +44954,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:20 GMT
+ - Fri, 06 Dec 2019 22:18:33 GMT
expires:
- '-1'
pragma:
@@ -31446,29 +44980,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Applications
- that are not using latest supported Node.js Framework","policyType":"BuiltIn","mode":"All","description":"Use
- the latest supported Node.js version for the latest security classes. Using
- older classes and types can make your application vulnerable.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"UseLatestNodeJS","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008","type":"Microsoft.Authorization/policyDefinitions","name":"e67687e8-08d5-4e7f-8226-5b4753bba008"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that do not contain the specified certificates in Trusted Root","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows VMs that do not contain the specified certificates in the
+ Trusted Root Certification Authorities certificate store (Cert:\\LocalMachine\\Root).
+ For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"}'
headers:
cache-control:
- no-cache
content-length:
- - '1228'
+ - '2848'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:20 GMT
+ - Fri, 06 Dec 2019 22:18:35 GMT
expires:
- '-1'
pragma:
@@ -31498,16 +45034,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e71308d3-144b-4262-b144-efdc3cc90517'' could not be found."}}'
+ ''f47b5582-33ec-4c5c-87c0-b010a6b2e917'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31516,7 +45052,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:20 GMT
+ - Fri, 06 Dec 2019 22:18:37 GMT
expires:
- '-1'
pragma:
@@ -31542,30 +45078,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Subnets should be associated with a Network
- Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
- your subnet from potential threats by restricting access to it with a Network
- Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
- that allow or deny network traffic to your subnet.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnSubnets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517","type":"Microsoft.Authorization/policyDefinitions","name":"e71308d3-144b-4262-b144-efdc3cc90517"}'
+ string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace
+ for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
+ VMs as non-compliant if they not logging to the LA workspace specified in
+ the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
+ Analytics Workspace Id that VMs should be configured for","description":"This
+ is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
+ for."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","notEquals":"[parameters(''logAnalyticsWorkspaceId'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","type":"Microsoft.Authorization/policyDefinitions","name":"f47b5582-33ec-4c5c-87c0-b010a6b2e917"}'
headers:
cache-control:
- no-cache
content-length:
- - '1162'
+ - '1136'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:20 GMT
+ - Fri, 06 Dec 2019 22:18:39 GMT
expires:
- '-1'
pragma:
@@ -31595,16 +45131,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e756b945-1b1b-480b-8de8-9a0859d5f7ad'' could not be found."}}'
+ ''f4826e5f-6a27-407c-ae3e-9582eb39891d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31613,7 +45149,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:21 GMT
+ - Fri, 06 Dec 2019 22:18:41 GMT
expires:
- '-1'
pragma:
@@ -31639,29 +45175,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Advanced Threat Protection types should
- be set to ''All'' in SQL server Advanced Data Security settings","policyType":"BuiltIn","mode":"Indexed","description":"It
- is recommended to enable all Advanced Threat Protection types on your SQL
- servers. Enabling all types protects against SQL injection, database vulnerabilities,
- and any other anomalous activities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]","equals":""}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad","type":"Microsoft.Authorization/policyDefinitions","name":"e756b945-1b1b-480b-8de8-9a0859d5f7ad"}'
+ string: '{"properties":{"displayName":"Authorization rules on the Event Hub
+ instance should be defined","policyType":"BuiltIn","mode":"All","description":"Audit
+ existence of authorization rules on Event Hub entities to grant least-privileged
+ access","metadata":{"category":"Event Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces/eventhubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/eventHubs/authorizationRules"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","type":"Microsoft.Authorization/policyDefinitions","name":"f4826e5f-6a27-407c-ae3e-9582eb39891d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1137'
+ - '905'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:21 GMT
+ - Fri, 06 Dec 2019 22:18:42 GMT
expires:
- '-1'
pragma:
@@ -31691,16 +45226,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e765b5de-1225-4ba3-bd56-1ac6695af988'' could not be found."}}'
+ ''f48b2913-1dc5-4834-8c72-ccc1dfd819bb'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31709,7 +45244,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:21 GMT
+ - Fri, 06 Dec 2019 22:18:44 GMT
expires:
- '-1'
pragma:
@@ -31735,28 +45270,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Allowed locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This
- policy enables you to restrict the locations your organization can create
- resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The
- list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed
- locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"}'
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs that do not have the password complexity setting enabled","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines that do not have the password complexity
+ setting enabled. For more information on Guest Configuration policies, please
+ visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft
.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"}'
headers:
cache-control:
- no-cache
content-length:
- - '908'
+ - '2780'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:22 GMT
+ - Fri, 06 Dec 2019 22:18:46 GMT
expires:
- '-1'
pragma:
@@ -31786,16 +45323,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e797f851-8be7-4c40-bb56-2e3395215b0e'' could not be found."}}'
+ ''f4b245d4-46c9-42be-9b1a-49e2b5b94194'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31804,7 +45341,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:22 GMT
+ - Fri, 06 Dec 2019 22:18:48 GMT
expires:
- '-1'
pragma:
@@ -31830,29 +45367,42 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Deprecated]: Audit Web Sockets state
- for a Web Application","policyType":"BuiltIn","mode":"All","description":"The
- Web Sockets protocol is vulnerable to different types of security threats.
- Use of Web Sockets within a web application must be carefully reviewed.","metadata":{"category":"Security
- Center","preview":true,"deprecated":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.Web/sites"},{"anyOf":[{"field":"kind","equals":"app"},{"field":"kind","equals":"WebApp"},{"field":"kind","equals":"app,linux"},{"field":"kind","equals":"app,linux,container"}]}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DisableWebSockets","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e","type":"Microsoft.Authorization/policyDefinitions","name":"e797f851-8be7-4c40-bb56-2e3395215b0e"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
+ Windows VMs that have not restarted within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ that have not restarted within the specified number of days. It also creates
+ a system-assigned managed identity and deploys the VM extension for Guest
+ Configuration. This policy should only be used along with its corresponding
+ audit policy in an initiative. For more information on Guest Configuration
+ policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
+ of days","description":"The number of days without restart until the machine
+ is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b2498
8ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
+ ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''microsoft.hybridcompute/machines''))]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(toLower(parameters(''type'')),
+ toLower(''Microsoft.Compute/virtualMachines''))]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"}'
headers:
cache-control:
- no-cache
content-length:
- - '1275'
+ - '6040'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:22 GMT
+ - Fri, 06 Dec 2019 22:18:50 GMT
expires:
- '-1'
pragma:
@@ -31882,16 +45432,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e802a67a-daf5-4436-9ea6-f6d821dd0c5d'' could not be found."}}'
+ ''f4c68484-132f-41f9-9b6d-3e4b1cb55036'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31900,7 +45450,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:22 GMT
+ - Fri, 06 Dec 2019 22:18:52 GMT
expires:
- '-1'
pragma:
@@ -31926,32 +45476,39 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Enforce SSL connection should be enabled
- for MySQL database servers","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy audits any MySQL server that is not enforcing SSL connection. Azure
- Database for MySQL supports connecting your Azure Database for MySQL server
- to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections
- between your database server and your client applications helps protect against
- ''man in the middle'' attacks by encrypting the data stream between the server
- and your application.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DBforMySQL/servers"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","exists":"true"},{"field":"Microsoft.DBforMySQL/servers/sslEnforcement","notEquals":"Enabled"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d","type":"Microsoft.Authorization/policyDefinitions","name":"e802a67a-daf5-4436-9ea6-f6d821dd0c5d"}'
+ string: '{"properties":{"displayName":"Deploy Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy ensures that Auditing is enabled on SQL Servers for enhanced security
+ and compliance. It will automatically create a storage account in the same
+ region as the SQL server to store audit records.","metadata":{"category":"SQL"},"parameters":{"retentionDays":{"type":"String","metadata":{"description":"The
+ value in days of the retention period (0 indicates unlimited retention)","displayName":"Retention
+ days (optional, 180 days if unspecified)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource
+ group name for storage accounts","description":"Auditing writes database events
+ to an audit log in your Azure Storage account (a storage account will be created
+ in each region where a SQL Server is created that will be shared by all servers
+ in that region). Important - for proper operation of Auditing do not delete
+ or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
+ parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''),
+ 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
+ variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
+ uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
+ ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"}'
headers:
cache-control:
- no-cache
content-length:
- - '1280'
+ - '4046'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:22 GMT
+ - Fri, 06 Dec 2019 22:18:53 GMT
expires:
- '-1'
pragma:
@@ -31981,16 +45538,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e8cbc669-f12d-49eb-93e7-9273119e9933'' could not be found."}}'
+ ''f56a3ab2-89d1-44de-ac0d-2ada5962e22a'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -31999,7 +45556,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:24 GMT
+ - Fri, 06 Dec 2019 22:18:55 GMT
expires:
- '-1'
pragma:
@@ -32025,29 +45582,59 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerabilities in container security
- configurations should be remediated","policyType":"BuiltIn","mode":"All","description":"Audit
- vulnerabilities in security configuration on machines with Docker installed
- and display as recommendations in Azure Security Center.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.Compute/virtualMachineScaleSets"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"ContainerBenchmark","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933","type":"Microsoft.Authorization/policyDefinitions","name":"e8cbc669-f12d-49eb-93e7-9273119e9933"}'
+ string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
+ Windows VMs configurations in ''Security Options - Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a Guest Configuration assignment to audit Windows virtual machines
+ with non-compliant settings in Group Policy category: ''Security Options -
+ Network Access''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths","description":"Specifies which
+ registry paths will be accessible over the network, regardless of the users
+ or groups listed in the access control list (ACL) of the `winreg` registry
+ key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
+ Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
+ access: Remotely accessible registry paths and sub-paths","description":"Specifies
+ which registry paths and sub-paths will be accessible over the network, regardless
+ of the users or groups listed in the access control list (ACL) of the `winreg`
+ registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
+ Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
+ NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
+ Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
+ Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
+ access: Shares that can be accessed anonymously","description":"Specifies
+ which network shares can be accessed by anonymous users. The default configuration
+ for this policy setting has little effect because all users have to be authenticated
+ before they can access shared resources on the server."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkAccess","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConf
igurationAssignments/parameterHash","equals":"[base64(concat(''Network
+ access: Remotely accessible registry paths;ExpectedValue'', ''='', parameters(''NetworkAccessRemotelyAccessibleRegistryPaths''),
+ '','', ''Network access: Remotely accessible registry paths and sub-paths;ExpectedValue'',
+ ''='', parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths''),
+ '','', ''Network access: Shares that can be accessed anonymously;ExpectedValue'',
+ ''='', parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsNetworkAccess"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"string"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"string"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Network
+ access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
+ access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
+ access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"}'
headers:
cache-control:
- no-cache
content-length:
- - '1167'
+ - '7998'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:24 GMT
+ - Fri, 06 Dec 2019 22:18:56 GMT
expires:
- '-1'
pragma:
@@ -32077,16 +45664,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''e9c8d085-d9cc-4b17-9cdc-059f1f01f19e'' could not be found."}}'
+ ''f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32095,7 +45682,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:24 GMT
+ - Fri, 06 Dec 2019 22:18:58 GMT
expires:
- '-1'
pragma:
@@ -32121,28 +45708,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Remote debugging should be turned off
- for API Apps","policyType":"BuiltIn","mode":"Indexed","description":"Remote
- debugging requires inbound ports to be opened on an API apps. Remote debugging
- should be turned off.","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"*api"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","existenceCondition":{"field":"Microsoft.Web/sites/config/web.remoteDebuggingEnabled","equals":"false"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e","type":"Microsoft.Authorization/policyDefinitions","name":"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e"}'
+ string: '{"properties":{"displayName":"Virtual machines should be associated
+ with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
+ your VM from potential threats by restricting access to it with a Network
+ Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
+ that allow or deny network traffic to your VM from other instances, in or
+ outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"}'
headers:
cache-control:
- no-cache
content-length:
- - '1007'
+ - '1256'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:24 GMT
+ - Fri, 06 Dec 2019 22:18:59 GMT
expires:
- '-1'
pragma:
@@ -32172,16 +45761,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ebb62a0c-3560-49e1-89ed-27e074e9f8ad'' could not be found."}}'
+ ''f8036bd0-c10b-4931-86bb-94a878add855'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32190,7 +45779,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:24 GMT
+ - Fri, 06 Dec 2019 22:19:02 GMT
expires:
- '-1'
pragma:
@@ -32216,29 +45805,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deprecated accounts with owner permissions
- should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated
- accounts with owner permissions should be removed from your subscription. Deprecated
- accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security
- Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","type":"Microsoft.Authorization/policyDefinitions","name":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad"}'
+ string: '{"properties":{"displayName":"Show audit results from Windows VMs that
+ do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","mode":"All","description":"This
+ policy should only be used along with its corresponding deploy policy in an
+ initiative. This definition allows Azure Policy to process the results of
+ auditing Windows virtual machines where Windows PowerShell is not configured
+ to use the specified PowerShell execution policy. For more information on
+ Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"}'
headers:
cache-control:
- no-cache
content-length:
- - '1138'
+ - '2808'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:24 GMT
+ - Fri, 06 Dec 2019 22:19:03 GMT
expires:
- '-1'
pragma:
@@ -32268,16 +45859,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ec49586f-4939-402d-a29e-6ff502b20592'' could not be found."}}'
+ ''f8456c1c-aa66-4dfb-861a-25d127b775c9'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32286,7 +45877,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:25 GMT
+ - Fri, 06 Dec 2019 22:19:06 GMT
expires:
- '-1'
pragma:
@@ -32312,39 +45903,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Linux VMs that allow remote connections from accounts without passwords","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Linux virtual machines
- that allow remote connections from accounts without passwords. It also creates
- a system-assigned managed identity and deploys the VM extension for Guest
- Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"}'
+ string: '{"properties":{"displayName":"External accounts with owner permissions
+ should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
+ accounts with owner permissions should be removed from your subscription in
+ order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"}'
headers:
cache-control:
- no-cache
content-length:
- - '5638'
+ - '1097'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:26 GMT
+ - Fri, 06 Dec 2019 22:19:07 GMT
expires:
- '-1'
pragma:
@@ -32374,16 +45954,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ec7ac234-2af5-4729-94d2-c557c071799d'' could not be found."}}'
+ ''f8b0158d-4766-490f-bea0-259e52dba473'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32392,7 +45972,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:26 GMT
+ - Fri, 06 Dec 2019 22:19:09 GMT
expires:
- '-1'
pragma:
@@ -32418,34 +45998,41 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473?api-version=2019-09-01
response:
body:
string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Administrative Templates - Control Panel''","policyType":"BuiltIn","mode":"Indexed","description":"This
+ Windows VMs configurations in ''System Audit Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Administrative Templates
- - Control Panel''. It also creates a system-assigned managed identity and
- deploys the VM extension for Guest Configuration. This policy should only
- be used along with its corresponding audit policy in an initiative. For more
- information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdministrativeTemplatesControlPanel","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName"
:{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdministrativeTemplatesControlPanel"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d","type":"Microsoft.Authorization/policyDefinitions","name":"ec7ac234-2af5-4729-94d2-c557c071799d"}'
+ with non-compliant settings in Group Policy category: ''System Audit Policies
+ - System''. It also creates a system-assigned managed identity and deploys
+ the VM extension for Guest Configuration. This policy should only be used
+ along with its corresponding audit policy in an initiative. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditOtherSystemEvents":{"type":"String","metadata":{"displayName":"Audit
+ Other System Events","description":"Specifies whether audit events are generated
+ for Windows Firewall Service and Windows Firewall driver start and stop events,
+ failure events for these services and Windows Firewall Service policy processing
+ failures."},"allowedValues":["No Auditing","Success","Failure","Success and
+ Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equ
als":"[base64(concat(''Audit
+ Other System Events;ExpectedValue'', ''='', parameters(''AuditOtherSystemEvents'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesSystem"},"AuditOtherSystemEvents":{"value":"[parameters(''AuditOtherSystemEvents'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditOtherSystemEvents":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
+ ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
+ Other System Events;ExpectedValue","value":"[parameters(''AuditOtherSystemEvents'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473","type":"Microsoft.Authorization/policyDefinitions","name":"f8b0158d-4766-490f-bea0-259e52dba473"}'
headers:
cache-control:
- no-cache
content-length:
- - '4408'
+ - '5282'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:26 GMT
+ - Fri, 06 Dec 2019 22:19:11 GMT
expires:
- '-1'
pragma:
@@ -32475,16 +46062,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ed7c8c13-51e7-49d1-8a43-8490431a0da2'' could not be found."}}'
+ ''f8d36e2f-389b-4ee4-898d-21aeb69a0f45'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32493,7 +46080,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:26 GMT
+ - Fri, 06 Dec 2019 22:19:12 GMT
expires:
- '-1'
pragma:
@@ -32519,40 +46106,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Diagnostic Settings for Key Vault
- to Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Deploys
- the diagnostic settings for Key Vault to stream to a regional Event Hub when
- any Key Vault which is missing this diagnostic settings is created or updated.","metadata":{"category":"Key
- Vault"},"parameters":{"profileName":{"type":"String","metadata":{"displayName":"Profile
- name","description":"The diagnostic settings profile name"},"defaultValue":"setbypolicy"},"eventHubRuleId":{"type":"String","metadata":{"displayName":"Event
- Hub Authorization Rule Id","description":"The Event Hub authorization rule
- Id for Azure Diagnostics. The authorization rule needs to be at Event Hub
- namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource
- group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization
- rule}","strongType":"Microsoft.EventHub/Namespaces/AuthorizationRules","assignPermissions":true}},"metricsEnabled":{"type":"String","metadata":{"displayName":"Enable
- metrics","description":"Whether to enable metrics stream to the Event Hub
- - True or False"},"allowedValues":["True","False"],"defaultValue":"False"},"logsEnabled":{"type":"String","metadata":{"displayName":"Enable
- logs","description":"Whether to enable logs stream to the Event Hub - True
- or False"},"allowedValues":["True","False"],"defaultValue":"True"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"[parameters(''profileName'')]","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"[parameters(''logsEnabled'')]"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"[parameters(''metricsEnabled'')]"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vaultName":{"type":"string"},"location":{"type":"string"},"eventHubRuleId":{"type":"string"},"metricsEnabled":{"type":"string"},"logsEnabled":{"type":"string"},"profileName":{"type":"string"}},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","apiVersion":"2017-05-01-preview","name":"[concat(parameters(''vaultName''),
- ''/'', ''Microsoft.Insights/'', parameters(''profileName''))]","location":"[parameters(''location'')]","dependsOn":[],"properties":{"eventHubAuthorizationRuleId":"[parameters(''eventHubRuleId'')]","metrics":[{"category":"AllMetrics","enabled":"[parameters(''metricsEnabled'')]","retentionPolicy":{"enabled":false,"days":0}}],"logs":[{"category":"AuditEvent","enabled":"[parameters(''logsEnabled'')]"}]}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled
- diagnostic settings for '', parameters(''vaultName''))]"}}},"parameters":{"location":{"value":"[field(''location'')]"},"vaultName":{"value":"[field(''name'')]"},"eventHubRuleId":{"value":"[parameters(''eventHubRuleId'')]"},"metricsEnabled":{"value":"[parameters(''metricsEnabled'')]"},"logsEnabled":{"value":"[parameters(''logsEnabled'')]"},"profileName":{"value":"[parameters(''profileName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2","type":"Microsoft.Authorization/policyDefinitions","name":"ed7c8c13-51e7-49d1-8a43-8490431a0da2"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in Service Bus should
+ be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
+ of diagnostic logs. This enables you to recreate activity trails to use for
+ investigation purposes; when a security incident occurs or when your network
+ is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"}'
headers:
cache-control:
- no-cache
content-length:
- - '3571'
+ - '1788'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:26 GMT
+ - Fri, 06 Dec 2019 22:19:14 GMT
expires:
- '-1'
pragma:
@@ -32582,16 +46160,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9'' could not be found."}}'
+ ''f9be5368-9bf5-4b84-9e0a-7850da98bb46'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32600,7 +46178,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:27 GMT
+ - Fri, 06 Dec 2019 22:19:16 GMT
expires:
- '-1'
pragma:
@@ -32626,29 +46204,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerability assessment should be enabled
- on your SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- Azure SQL servers which do not have recurring vulnerability assessment scans
- enabled. Vulnerability assessment can discover, track, and help you remediate
- potential database vulnerabilities.","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/vulnerabilityAssessments","name":"default","existenceCondition":{"field":"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled","equals":"True"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9","type":"Microsoft.Authorization/policyDefinitions","name":"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9"}'
+ string: '{"properties":{"displayName":"Diagnostic logs in Azure Stream Analytics
+ should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
+ enabling of diagnostic logs. This enables you to recreate activity trails
+ to use for investigation purposes; when a security incident occurs or when
+ your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
+ retention (days)","description":"The required diagnostic logs retention in
+ days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"}'
headers:
cache-control:
- no-cache
content-length:
- - '1113'
+ - '1812'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:27 GMT
+ - Fri, 06 Dec 2019 22:19:18 GMT
expires:
- '-1'
pragma:
@@ -32678,16 +46258,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f0633351-c7b2-41ff-9981-508fc08553c2'' could not be found."}}'
+ ''f9d614c5-c173-4d56-95a7-b4437057d193'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32696,7 +46276,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:27 GMT
+ - Fri, 06 Dec 2019 22:19:20 GMT
expires:
- '-1'
pragma:
@@ -32722,43 +46302,27 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy prerequisites to audit Windows
- VMs that have the specified applications installed","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that have the specified applications installed. It also creates a system-assigned
- managed identity and deploys the VM extension for Guest Configuration. This
- policy should only be used along with its corresponding audit policy in an
- initiative. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"ApplicationName":{"type":"String","metadata":{"displayName":"Application
- names (supports wildcards)","description":"A semicolon-separated list of the
- names of the applications that should not be installed. e.g. ''Microsoft SQL
- Server 2014 (64-bit); Microsoft Visual Studio Code'' or ''Microsoft SQL Server
- 2014*'' (to match any application starting with ''Microsoft SQL Server 2014'')"}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"NotInstalledApplication","roleDefinitionIds":["/providers/microsoft.au
thorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[InstalledApplication]NotInstalledApplicationResource1;Name'',
- ''='', parameters(''ApplicationName'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"NotInstalledApplication"},"ApplicationName":{"value":"[parameters(''ApplicationName'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"ApplicationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]NotInstalledApplicationResource1;Name","value":"[parameters(''ApplicationName'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2","type":"Microsoft.Authorization/policyDefinitions","name":"f0633351-c7b2-41ff-9981-508fc08553c2"}'
+ string: '{"properties":{"displayName":"Latest TLS version should be used in
+ your Function App","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ to the latest TLS version","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"field":"kind","like":"functionapp*"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Web/sites/config","name":"web","existenceCondition":{"field":"Microsoft.Web/sites/config/minTlsVersion","equals":"1.2"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193","type":"Microsoft.Authorization/policyDefinitions","name":"f9d614c5-c173-4d56-95a7-b4437057d193"}'
headers:
cache-control:
- no-cache
content-length:
- - '6172'
+ - '943'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:27 GMT
+ - Fri, 06 Dec 2019 22:19:21 GMT
expires:
- '-1'
pragma:
@@ -32788,16 +46352,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f19aa1c1-6b91-4c27-ae6a-970279f03db9'' could not be found."}}'
+ ''fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32806,7 +46370,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:29 GMT
+ - Fri, 06 Dec 2019 22:19:22 GMT
expires:
- '-1'
pragma:
@@ -32832,39 +46396,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Linux VMs that do not have the passwd file permissions set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Linux virtual machines
- that do not have the passwd file permissions set to 0644. It also creates
- a system-assigned managed identity and deploys the VM extension for Guest
- Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePu
blisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"}'
+ string: '{"properties":{"displayName":"Deploy prerequisites to enable Guest
+ Configuration Policy on Linux VMs.","policyType":"BuiltIn","mode":"Indexed","description":"This
+ policy creates a system-assigned managed identity and deploys the VM extension
+ for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration
+ Policy and must be assigned to the scope before using any Guest Configuration
+ policy. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"
allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"type":"Microsoft.Compute/virtualMachines/extensions","name":"AzurePolicyforLinux","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.GuestConfiguration"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"ConfigurationforLinux"}]},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"resources":[{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
+ ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}}}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50","type":"Microsoft.Authorization/policyDefinitions","name":"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50"}'
headers:
cache-control:
- no-cache
content-length:
- - '5628'
+ - '4213'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:29 GMT
+ - Fri, 06 Dec 2019 22:19:24 GMT
expires:
- '-1'
pragma:
@@ -32894,16 +46450,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f1f4825d-58fb-4257-8016-8c00e3c9ed9d'' could not be found."}}'
+ ''fb893a29-21bb-418c-a157-e99480ec364c'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -32912,7 +46468,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:29 GMT
+ - Fri, 06 Dec 2019 22:19:26 GMT
expires:
- '-1'
pragma:
@@ -32938,34 +46494,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Adminstrative Templates - MSS (Legacy)''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Adminstrative Templates
- - MSS (Legacy)''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_AdminstrativeTemplatesMSSLegacy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"v
alue":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_AdminstrativeTemplatesMSSLegacy"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d","type":"Microsoft.Authorization/policyDefinitions","name":"f1f4825d-58fb-4257-8016-8c00e3c9ed9d"}'
+ string: '{"properties":{"displayName":"[Preview]: Kubernetes Services should
+ be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
+ your Kubernetes service cluster to a later Kubernetes version to protect against
+ known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
+ has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
+ Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"}'
headers:
cache-control:
- no-cache
content-length:
- - '4396'
+ - '2438'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:29 GMT
+ - Fri, 06 Dec 2019 22:19:27 GMT
expires:
- '-1'
pragma:
@@ -32995,16 +46547,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f3b44e5d-1456-475f-9c67-c66c4618e85a'' could not be found."}}'
+ ''fcbc55c9-f25a-4e55-a6cb-33acb3be778b'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33013,7 +46565,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:30 GMT
+ - Fri, 06 Dec 2019 22:19:29 GMT
expires:
- '-1'
pragma:
@@ -33039,31 +46591,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs in
- which the Administrators group does not contain all of the specified members","policyType":"BuiltIn","mode":"All","description":"This
+ string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
+ VMs configurations in ''Security Options - Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines in which the Administrators group does not
- contain all of the specified members. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AdministratorsGroupMembersToInclude","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceS
tatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a","type":"Microsoft.Authorization/policyDefinitions","name":"f3b44e5d-1456-475f-9c67-c66c4618e85a"}'
+ auditing Windows virtual machines with non-compliant settings in Group Policy
+ category: ''Security Options - Microsoft Network Client''. For more information
+ on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
+ Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"}'
headers:
cache-control:
- no-cache
content-length:
- - '2812'
+ - '2693'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:30 GMT
+ - Fri, 06 Dec 2019 22:19:30 GMT
expires:
- '-1'
pragma:
@@ -33093,16 +46645,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f3b9ad83-000d-4dc1-bff0-6d54533dd03f'' could not be found."}}'
+ ''fee5cb2b-9d9b-410e-afe3-2902d90d0004'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33111,7 +46663,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:29 GMT
+ - Fri, 06 Dec 2019 22:19:33 GMT
expires:
- '-1'
pragma:
@@ -33137,31 +46689,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that do not contain the specified certificates in Trusted Root","policyType":"BuiltIn","mode":"All","description":"This
+ string: '{"properties":{"displayName":"Show audit results from Linux VMs that
+ do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
policy should only be used along with its corresponding deploy policy in an
initiative. This definition allows Azure Policy to process the results of
- auditing Windows VMs that do not contain the specified certificates in the
- Trusted Root Certification Authorities certificate store (Cert:\\LocalMachine\\Root).
- For more information on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsCertificateInTrustedRoot","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatu
s","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f","type":"Microsoft.Authorization/policyDefinitions","name":"f3b9ad83-000d-4dc1-bff0-6d54533dd03f"}'
+ auditing Linux virtual machines that do not have the specified applications
+ installed. For more information on Guest Configuration policies, please visit
+ https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePub
lisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004","type":"Microsoft.Authorization/policyDefinitions","name":"fee5cb2b-9d9b-410e-afe3-2902d90d0004"}'
headers:
cache-control:
- no-cache
content-length:
- - '2848'
+ - '3192'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:30 GMT
+ - Fri, 06 Dec 2019 22:19:35 GMT
expires:
- '-1'
pragma:
@@ -33191,16 +46742,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f47b5582-33ec-4c5c-87c0-b010a6b2e917'' could not be found."}}'
+ ''feedbf84-6b99-488c-acc2-71c829aa5ffc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33209,7 +46760,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:30 GMT
+ - Fri, 06 Dec 2019 22:19:36 GMT
expires:
- '-1'
pragma:
@@ -33235,30 +46786,28 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace
- for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports
- VMs as non-compliant if they not logging to the LA workspace specified in
- the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log
- Analytics Workspace Id that VMs should be configured for","description":"This
- is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured
- for."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","notEquals":"[parameters(''logAnalyticsWorkspaceId'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","type":"Microsoft.Authorization/policyDefinitions","name":"f47b5582-33ec-4c5c-87c0-b010a6b2e917"}'
+ string: '{"properties":{"displayName":"Vulnerabilities on your SQL databases
+ should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
+ Vulnerability Assessment scan results and recommendations for how to remediate
+ database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"}'
headers:
cache-control:
- no-cache
content-length:
- - '1136'
+ - '1092'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:30 GMT
+ - Fri, 06 Dec 2019 22:19:38 GMT
expires:
- '-1'
pragma:
@@ -33288,16 +46837,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f4826e5f-6a27-407c-ae3e-9582eb39891d'' could not be found."}}'
+ ''0a075868-4c26-42ef-914c-5bc007359560'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33306,7 +46855,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:31 GMT
+ - Fri, 06 Dec 2019 22:19:40 GMT
expires:
- '-1'
pragma:
@@ -33332,28 +46881,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Authorization rules on the Event Hub
- instance should be defined","policyType":"BuiltIn","mode":"All","description":"Audit
- existence of authorization rules on Event Hub entities to grant least-privileged
- access","metadata":{"category":"Event Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces/eventhubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/eventHubs/authorizationRules"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","type":"Microsoft.Authorization/policyDefinitions","name":"f4826e5f-6a27-407c-ae3e-9582eb39891d"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage certificate validity
+ period","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the maximum validity period for certificates in months.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"maximumValidityInMonths":{"type":"Integer","metadata":{"displayName":"The
+ maximum validity in months","description":"The limit to how long a certificate
+ may be valid for. Certificates with lengthy validity periods aren''t best
+ practice."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths","greater":"[parameters(''maximumValidityInMonths'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560","type":"Microsoft.Authorization/policyDefinitions","name":"0a075868-4c26-42ef-914c-5bc007359560"}'
headers:
cache-control:
- no-cache
content-length:
- - '905'
+ - '1117'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:31 GMT
+ - Fri, 06 Dec 2019 22:19:41 GMT
expires:
- '-1'
pragma:
@@ -33383,16 +46935,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f48b2913-1dc5-4834-8c72-ccc1dfd819bb'' could not be found."}}'
+ ''0f636243-1b1c-4d50-880f-310f6199f2cb'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33401,7 +46953,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:32 GMT
+ - Fri, 06 Dec 2019 22:19:43 GMT
expires:
- '-1'
pragma:
@@ -33427,30 +46979,33 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs that do not have the password complexity setting enabled","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines that do not have the password complexity
- setting enabled. For more information on Guest Configuration policies, please
- visit https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft
.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"}'
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Ensure containers
+ listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy enforces containers to listen only on allowed ports in an Azure Kubernetes
+ Service cluster. Limited Preview policies only work for registered subscriptions.
+ To register, please go to https://aka.ms/akspolicyonboarding. For instruction
+ on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container ports regex","description":"Regex representing container ports allowed
+ in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"}'
headers:
cache-control:
- no-cache
content-length:
- - '2780'
+ - '1653'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:32 GMT
+ - Fri, 06 Dec 2019 22:19:45 GMT
expires:
- '-1'
pragma:
@@ -33480,16 +47035,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f4b245d4-46c9-42be-9b1a-49e2b5b94194'' could not be found."}}'
+ ''1151cede-290b-4ba0-8b38-0ad145ac888f'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33498,7 +47053,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:33 GMT
+ - Fri, 06 Dec 2019 22:19:47 GMT
expires:
- '-1'
pragma:
@@ -33524,42 +47079,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy prerequisites to audit
- Windows VMs that have not restarted within the specified number of days","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- that have not restarted within the specified number of days. It also creates
- a system-assigned managed identity and deploys the VM extension for Guest
- Configuration. This policy should only be used along with its corresponding
- audit policy in an initiative. For more information on Guest Configuration
- policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NumberOfDays":{"type":"String","metadata":{"displayName":"Number
- of days","description":"The number of days without restart until the machine
- is considered non-compliant"},"defaultValue":"12"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MachineLastBootUpTime","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b2498
8ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equals":"[base64(concat(''[MachineUpTime]MachineLastBootUpTime;NumberOfDays'',
- ''='', parameters(''NumberOfDays'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"type":{"value":"[field(''type'')]"},"configurationName":{"value":"MachineLastBootUpTime"},"NumberOfDays":{"value":"[parameters(''NumberOfDays'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"type":{"type":"string"},"configurationName":{"type":"string"},"NumberOfDays":{"type":"string"}},"resources":[{"condition":"[equals(parameters(''type''),
- ''microsoft.hybridcompute/machines'')]","apiVersion":"2018-11-20","type":"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[MachineUpTime]MachineLastBootUpTime;NumberOfDays","value":"[parameters(''NumberOfDays'')]"}]}}},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"condition":"[equals(parameters(''type''),
- ''Microsoft.Compute/virtualMachines'')]","apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194","type":"Microsoft.Authorization/policyDefinitions","name":"f4b245d4-46c9-42be-9b1a-49e2b5b94194"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage allowed certificate
+ key types","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed key types for certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"allowedKeyTypes":{"type":"Array","metadata":{"displayName":"Allowed
+ key types","description":"The list of allowed certificate key types."},"allowedValues":["RSA","RSA-HSM","EC","EC-HSM"],"defaultValue":["RSA","RSA-HSM"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","notIn":"[parameters(''allowedKeyTypes'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f","type":"Microsoft.Authorization/policyDefinitions","name":"1151cede-290b-4ba0-8b38-0ad145ac888f"}'
headers:
cache-control:
- no-cache
content-length:
- - '5968'
+ - '1069'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:33 GMT
+ - Fri, 06 Dec 2019 22:19:49 GMT
expires:
- '-1'
pragma:
@@ -33589,16 +47131,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f4c68484-132f-41f9-9b6d-3e4b1cb55036'' could not be found."}}'
+ ''12ef42cb-9903-4e39-9c26-422d29570417'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33607,7 +47149,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:33 GMT
+ - Fri, 06 Dec 2019 22:19:51 GMT
expires:
- '-1'
pragma:
@@ -33633,39 +47175,36 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Deploy Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy ensures that Auditing is enabled on SQL Servers for enhanced security
- and compliance. It will automatically create a storage account in the same
- region as the SQL server to store audit records.","metadata":{"category":"SQL"},"parameters":{"retentionDays":{"type":"String","metadata":{"description":"The
- value in days of the retention period (0 indicates unlimited retention)","displayName":"Retention
- days (optional, 180 days if unspecified)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource
- group name for storage accounts","description":"Auditing writes database events
- to an audit log in your Azure Storage account (a storage account will be created
- in each region where a SQL Server is created that will be shared by all servers
- in that region). Important - for proper operation of Auditing do not delete
- or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''),
- parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''),
- 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''),
- variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'',
- uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''),
- ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage certificate lifetime
+ action triggers","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the configuration for certificate lifetime action triggers
+ before certificate expiration.","metadata":{"category":"Key Vault","preview":true},"parameters":{"maximumPercentageLife":{"type":"Integer","metadata":{"displayName":"The
+ maximum lifetime percentage","description":"Enter the percentage of lifetime
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action at 80% of the certificate''s valid life, enter
+ ''80''."}},"minimumDaysBeforeExpiry":{"type":"Integer","metadata":{"displayName":"The
+ minimum days before expiry","description":"Enter the days before expiration
+ of the certificate when you want to trigger the policy action. For example,
+ to trigger a policy action 90 days before the certificate''s expiration, enter
+ ''90''."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry","less":"[parameters(''minimumDaysBeforeExpiry'')]"}]},{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","exists":"True"},{"field":"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage","greater":"[parameters(''maximumPercentageLife'')]"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417","type":"Microsoft.Authorization/policyDefinitions","name":"12ef42cb-9903-4e39-9c26-422d29570417"}'
headers:
cache-control:
- no-cache
content-length:
- - '4046'
+ - '1929'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:33 GMT
+ - Fri, 06 Dec 2019 22:19:53 GMT
expires:
- '-1'
pragma:
@@ -33695,16 +47234,212 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f56a3ab2-89d1-44de-ac0d-2ada5962e22a'' could not be found."}}'
+ ''16c6ca72-89d2-4798-b87e-496f9de7fcb7'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:19:55 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Enforce labels
+ on pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy enforces the specified labels are provided for pods in an Azure Kubernetes
+ Service cluster. Limited Preview policies only work for registered subscriptions.
+ To register, please go to https://aka.ms/akspolicyonboarding. For instruction
+ on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
+ list of labels","description":"A comma-separated list of labels to be specified
+ on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1598'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:19:56 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'' could not be found."}}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '138'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:19:58 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 404
+ message: Not Found
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d?api-version=2019-09-01
+ response:
+ body:
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Enforce HTTPS
+ ingress in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on
+ using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d","type":"Microsoft.Authorization/policyDefinitions","name":"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d"}'
+ headers:
+ cache-control:
+ - no-cache
+ content-length:
+ - '1177'
+ content-type:
+ - application/json; charset=utf-8
+ date:
+ - Fri, 06 Dec 2019 22:19:59 GMT
+ expires:
+ - '-1'
+ pragma:
+ - no-cache
+ strict-transport-security:
+ - max-age=31536000; includeSubDomains
+ transfer-encoding:
+ - chunked
+ vary:
+ - Accept-Encoding,Accept-Encoding
+ x-content-type-options:
+ - nosniff
+ status:
+ code: 200
+ message: OK
+- request:
+ body: null
+ headers:
+ Accept:
+ - application/json
+ Accept-Encoding:
+ - gzip, deflate
+ CommandName:
+ - policy definition show
+ Connection:
+ - keep-alive
+ ParameterSetName:
+ - -n
+ User-Agent:
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
+ accept-language:
+ - en-US
+ method: GET
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44?api-version=2019-09-01
+ response:
+ body:
+ string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
+ ''233a2a17-77ca-4fb1-9b6b-69223d272a44'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33713,7 +47448,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:34 GMT
+ - Fri, 06 Dec 2019 22:20:02 GMT
expires:
- '-1'
pragma:
@@ -33739,59 +47474,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''Security Options - Network Access''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''Security Options -
- Network Access''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"String","metadata":{"displayName":"Network
- access: Remotely accessible registry paths","description":"Specifies which
- registry paths will be accessible over the network, regardless of the users
- or groups listed in the access control list (ACL) of the `winreg` registry
- key."},"defaultValue":"System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server
- Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"String","metadata":{"displayName":"Network
- access: Remotely accessible registry paths and sub-paths","description":"Specifies
- which registry paths and sub-paths will be accessible over the network, regardless
- of the users or groups listed in the access control list (ACL) of the `winreg`
- registry key."},"defaultValue":"System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP
- Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows
- NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal
- Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal
- Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"String","metadata":{"displayName":"Network
- access: Shares that can be accessed anonymously","description":"Specifies
- which network shares can be accessed by anonymous users. The default configuration
- for this policy setting has little effect because all users have to be authenticated
- before they can access shared resources on the server."},"defaultValue":"0"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsNetworkAccess","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConf
igurationAssignments/parameterHash","equals":"[base64(concat(''Network
- access: Remotely accessible registry paths;ExpectedValue'', ''='', parameters(''NetworkAccessRemotelyAccessibleRegistryPaths''),
- '','', ''Network access: Remotely accessible registry paths and sub-paths;ExpectedValue'',
- ''='', parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths''),
- '','', ''Network access: Shares that can be accessed anonymously;ExpectedValue'',
- ''='', parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SecurityOptionsNetworkAccess"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"NetworkAccessRemotelyAccessibleRegistryPaths":{"type":"string"},"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths":{"type":"string"},"NetworkAccessSharesThatCanBeAccessedAnonymously":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Network
- access: Remotely accessible registry paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPaths'')]"},{"name":"Network
- access: Remotely accessible registry paths and sub-paths;ExpectedValue","value":"[parameters(''NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'')]"},{"name":"Network
- access: Shares that can be accessed anonymously;ExpectedValue","value":"[parameters(''NetworkAccessSharesThatCanBeAccessedAnonymously'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a","type":"Microsoft.Authorization/policyDefinitions","name":"f56a3ab2-89d1-44de-ac0d-2ada5962e22a"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Ensure services
+ listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces services to listen only on allowed ports in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedServicePortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ service ports list","description":"The list of service ports allowed in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml","values":{"allowedServicePorts":"[parameters(''allowedServicePortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44","type":"Microsoft.Authorization/policyDefinitions","name":"233a2a17-77ca-4fb1-9b6b-69223d272a44"}'
headers:
cache-control:
- no-cache
content-length:
- - '7998'
+ - '1482'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:34 GMT
+ - Fri, 06 Dec 2019 22:20:03 GMT
expires:
- '-1'
pragma:
@@ -33821,16 +47528,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f6de0be7-9a8a-4b8a-b349-43cf02d22f7c'' could not be found."}}'
+ ''25dee3db-6ce0-4c02-ab5d-245887b24077'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33839,7 +47546,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:34 GMT
+ - Fri, 06 Dec 2019 22:20:05 GMT
expires:
- '-1'
pragma:
@@ -33865,30 +47572,33 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Virtual machines should be associated
- with a Network Security Group","policyType":"BuiltIn","mode":"All","description":"Protect
- your VM from potential threats by restricting access to it with a Network
- Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules
- that allow or deny network traffic to your VM from other instances, in or
- outside the same subnet.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"networkSecurityGroupsOnVirtualMachines","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c","type":"Microsoft.Authorization/policyDefinitions","name":"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c"}'
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Ensure services
+ listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy enforces services to listen only on allowed ports in an Azure Kubernetes
+ Service cluster. Limited Preview policies only work for registered subscriptions.
+ To register, please go to https://aka.ms/akspolicyonboarding. For instruction
+ on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"allowedServicePortsRegex":{"type":"String","metadata":{"displayName":"Allowed
+ service ports regex","description":"Regex representing service ports allowed
+ in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"}'
headers:
cache-control:
- no-cache
content-length:
- - '1256'
+ - '1635'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:34 GMT
+ - Fri, 06 Dec 2019 22:20:06 GMT
expires:
- '-1'
pragma:
@@ -33918,16 +47628,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f8036bd0-c10b-4931-86bb-94a878add855'' could not be found."}}'
+ ''2fbff515-eecc-4b7e-9b63-fcc7138b7dc3'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -33936,7 +47646,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:35 GMT
+ - Fri, 06 Dec 2019 22:20:09 GMT
expires:
- '-1'
pragma:
@@ -33962,31 +47672,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Windows VMs that
- do not have the specified Windows PowerShell execution policy","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines where Windows PowerShell is not configured
- to use the specified PowerShell execution policy. For more information on
- Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"windows*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WindowsPowerShellExecutionPolicy","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStat
us","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855","type":"Microsoft.Authorization/policyDefinitions","name":"f8036bd0-c10b-4931-86bb-94a878add855"}'
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Enforce HTTPS
+ ingress in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
+ Preview policies only work for registered subscriptions. To register, please
+ go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
+ please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"}'
headers:
cache-control:
- no-cache
content-length:
- - '2808'
+ - '1253'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:35 GMT
+ - Fri, 06 Dec 2019 22:20:10 GMT
expires:
- '-1'
pragma:
@@ -34016,16 +47726,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f8456c1c-aa66-4dfb-861a-25d127b775c9'' could not be found."}}'
+ ''3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34034,7 +47744,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:35 GMT
+ - Fri, 06 Dec 2019 22:20:12 GMT
expires:
- '-1'
pragma:
@@ -34060,28 +47770,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"External accounts with owner permissions
- should be removed from your subscription","policyType":"BuiltIn","mode":"All","description":"External
- accounts with owner permissions should be removed from your subscription in
- order to prevent unmonitored access.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Enforce internal
+ load balancers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces load balancers do not have public IPs in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e","type":"Microsoft.Authorization/policyDefinitions","name":"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e"}'
headers:
cache-control:
- no-cache
content-length:
- - '1097'
+ - '1229'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:35 GMT
+ - Fri, 06 Dec 2019 22:20:14 GMT
expires:
- '-1'
pragma:
@@ -34111,16 +47822,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f8b0158d-4766-490f-bea0-259e52dba473'' could not be found."}}'
+ ''440b515e-a580-421e-abeb-b159a61ddcbc'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34129,7 +47840,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:36 GMT
+ - Fri, 06 Dec 2019 22:20:16 GMT
expires:
- '-1'
pragma:
@@ -34155,41 +47866,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Deploy requirements to audit
- Windows VMs configurations in ''System Audit Policies - System''","policyType":"BuiltIn","mode":"Indexed","description":"This
- policy creates a Guest Configuration assignment to audit Windows virtual machines
- with non-compliant settings in Group Policy category: ''System Audit Policies
- - System''. It also creates a system-assigned managed identity and deploys
- the VM extension for Guest Configuration. This policy should only be used
- along with its corresponding audit policy in an initiative. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"AuditOtherSystemEvents":{"type":"String","metadata":{"displayName":"Audit
- Other System Events","description":"Specifies whether audit events are generated
- for Windows Firewall Service and Windows Firewall driver start and stop events,
- failure events for these services and Windows Firewall Service policy processing
- failures."},"allowedValues":["No Auditing","Success","Failure","Success and
- Failure"],"defaultValue":"No Auditing"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SystemAuditPoliciesSystem","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash","equ
als":"[base64(concat(''Audit
- Other System Events;ExpectedValue'', ''='', parameters(''AuditOtherSystemEvents'')))]"},"deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AzureBaseline_SystemAuditPoliciesSystem"},"AuditOtherSystemEvents":{"value":"[parameters(''AuditOtherSystemEvents'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"AuditOtherSystemEvents":{"type":"string"}},"resources":[{"apiVersion":"2018-11-20","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''),
- ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"Audit
- Other System Events;ExpectedValue","value":"[parameters(''AuditOtherSystemEvents'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''),
- ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473","type":"Microsoft.Authorization/policyDefinitions","name":"f8b0158d-4766-490f-bea0-259e52dba473"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Ensure containers
+ listen only on allowed ports in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces containers to listen only on allowed ports in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerPortsList":{"type":"Array","metadata":{"displayName":"Allowed
+ container ports list","description":"The list of container ports allowed in
+ a Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml","values":{"allowedContainerPorts":"[parameters(''allowedContainerPortsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc","type":"Microsoft.Authorization/policyDefinitions","name":"440b515e-a580-421e-abeb-b159a61ddcbc"}'
headers:
cache-control:
- no-cache
content-length:
- - '5282'
+ - '1500'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:37 GMT
+ - Fri, 06 Dec 2019 22:20:17 GMT
expires:
- '-1'
pragma:
@@ -34219,16 +47920,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f8d36e2f-389b-4ee4-898d-21aeb69a0f45'' could not be found."}}'
+ ''46592696-4c7b-4bf3-9e45-6c2763bdc0a6'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34237,7 +47938,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:36 GMT
+ - Fri, 06 Dec 2019 22:20:19 GMT
expires:
- '-1'
pragma:
@@ -34263,31 +47964,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Service Bus should
- be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit enabling
- of diagnostic logs. This enables you to recreate activity trails to use for
- investigation purposes; when a security incident occurs or when your network
- is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Enforce labels
+ on pods in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces the specified labels are provided for pods in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"labelsList":{"type":"Array","metadata":{"displayName":"List
+ of labels","description":"The list of labels to be specified on Pods in a
+ Kubernetes cluster."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml","values":{"labels":"[parameters(''labelsList'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6","type":"Microsoft.Authorization/policyDefinitions","name":"46592696-4c7b-4bf3-9e45-6c2763bdc0a6"}'
headers:
cache-control:
- no-cache
content-length:
- - '1788'
+ - '1414'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:37 GMT
+ - Fri, 06 Dec 2019 22:20:21 GMT
expires:
- '-1'
pragma:
@@ -34317,16 +48018,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''f9be5368-9bf5-4b84-9e0a-7850da98bb46'' could not be found."}}'
+ ''5f86cb6e-c4da-441b-807c-44bd0cc14e66'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34335,7 +48036,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:37 GMT
+ - Fri, 06 Dec 2019 22:20:23 GMT
expires:
- '-1'
pragma:
@@ -34361,31 +48062,34 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Diagnostic logs in Azure Stream Analytics
- should be enabled","policyType":"BuiltIn","mode":"Indexed","description":"Audit
- enabling of diagnostic logs. This enables you to recreate activity trails
- to use for investigation purposes; when a security incident occurs or when
- your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required
- retention (days)","description":"The required diagnostic logs retention in
- days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"anyOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"0"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]},{"allOf":[{"not":{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"}},{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"}'
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Ensure only
+ allowed container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy ensures only allowed container images are running in an Azure Kubernetes
+ Service cluster. Limited Preview policies only work for registered subscriptions.
+ To register, please go to https://aka.ms/akspolicyonboarding. For instruction
+ on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in Kubernetes cluster. E.g. Regex of azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"}'
headers:
cache-control:
- no-cache
content-length:
- - '1812'
+ - '1662'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:37 GMT
+ - Fri, 06 Dec 2019 22:20:24 GMT
expires:
- '-1'
pragma:
@@ -34415,16 +48119,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''fb893a29-21bb-418c-a157-e99480ec364c'' could not be found."}}'
+ ''7ce7ac02-a5c6-45d6-8d1b-844feb1c1531'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34433,7 +48137,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:38 GMT
+ - Fri, 06 Dec 2019 22:20:27 GMT
expires:
- '-1'
pragma:
@@ -34459,30 +48163,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Kubernetes Services should
- be upgraded to a non-vulnerable Kubernetes version","policyType":"BuiltIn","mode":"Indexed","description":"Upgrade
- your Kubernetes service cluster to a later Kubernetes version to protect against
- known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946
- has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+","metadata":{"category":"Security
- Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},{"anyOf":[{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.13.4","1.13.3","1.13.2","1.13.1","1.13.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.12.6","1.12.5","1.12.4","1.12.3","1.12.2","1.12.1","1.12.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","in":["1.11.8","1.11.7","1.11.6","1.11.5","1.11.4","1.11.3","1.11.2","1.11.1","1.11.0"]},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.10.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.9.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.8.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.7.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.6.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.5.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.4.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.3.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.2.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.1.*"},{"field":"Microsoft.ContainerService/managedClusters/kubernetesVersion","like":"1.0.*"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c","type":"Microsoft.Authorization/policyDefinitions","name":"fb893a29-21bb-418c-a157-e99480ec364c"}'
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Do not allow
+ privileged containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy does not allow privileged containers creation in an Azure Kubernetes
+ Service cluster. Limited Preview policies only work for registered subscriptions.
+ To register, please go to https://aka.ms/akspolicyonboarding. For instruction
+ on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"}'
headers:
cache-control:
- no-cache
content-length:
- - '2438'
+ - '1297'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:39 GMT
+ - Fri, 06 Dec 2019 22:20:28 GMT
expires:
- '-1'
pragma:
@@ -34512,16 +48217,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''fcbc55c9-f25a-4e55-a6cb-33acb3be778b'' could not be found."}}'
+ ''8e826246-c976-48f6-b03e-619bb92b3d82'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34530,7 +48235,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:39 GMT
+ - Fri, 06 Dec 2019 22:20:31 GMT
expires:
- '-1'
pragma:
@@ -34556,31 +48261,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Preview]: Show audit results from Windows
- VMs configurations in ''Security Options - Microsoft Network Client''","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Windows virtual machines with non-compliant settings in Group Policy
- category: ''Security Options - Microsoft Network Client''. For more information
- on Guest Configuration policies, please visit https://aka.ms/gcpol","metadata":{"category":"Guest
- Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["esri","incredibuild","MicrosoftDynamicsAX","MicrosoftSharepoint","MicrosoftVisualStudio","MicrosoftWindowsDesktop","MicrosoftWindowsServerHPCPack"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"2008*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"field":"Microsoft.Compute/imageSKU","notEquals":"SQL2008R2SP3-WS2008R2SP1"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","equals":"dsvm-windows"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","in":["standard-data-science-vm","windows-data-science-vm"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"batch"},{"field":"Microsoft.Compute/imageOffer","equals":"rendering-windows2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"center-for-internet-security-inc"},{"field":"Microsoft.Compute/imageOffer","like":"cis-windows-server-201*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"pivotal"},{"field":"Microsoft.Compute/imageOffer","like":"bosh-windows-server*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloud-infrastructure-services"},{"field":"Microsoft.Compute/imageOffer","like":"ad*"}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AzureBaseline_SecurityOptionsMicrosoftNetworkClient","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b","typ
e":"Microsoft.Authorization/policyDefinitions","name":"fcbc55c9-f25a-4e55-a6cb-33acb3be778b"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage certificates issued
+ by an integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified key vault integrated
+ Certificate Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedCAs":{"type":"Array","metadata":{"displayName":"Allowed
+ Azure Key Vault Supported CAs","description":"The list of allowed certificate
+ authorities supported by Azure Key Vault."},"allowedValues":["DigiCert","GlobalSign"],"defaultValue":["DigiCert","GlobalSign"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.name","notIn":"[parameters(''allowedCAs'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82","type":"Microsoft.Authorization/policyDefinitions","name":"8e826246-c976-48f6-b03e-619bb92b3d82"}'
headers:
cache-control:
- no-cache
content-length:
- - '2693'
+ - '1155'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:39 GMT
+ - Fri, 06 Dec 2019 22:20:32 GMT
expires:
- '-1'
pragma:
@@ -34610,16 +48314,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''fee5cb2b-9d9b-410e-afe3-2902d90d0004'' could not be found."}}'
+ ''95edb821-ddaf-4404-9732-666045e056b4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34628,7 +48332,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:39 GMT
+ - Fri, 06 Dec 2019 22:20:34 GMT
expires:
- '-1'
pragma:
@@ -34654,30 +48358,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Show audit results from Linux VMs that
- do not have the specified applications installed","policyType":"BuiltIn","mode":"All","description":"This
- policy should only be used along with its corresponding deploy policy in an
- initiative. This definition allows Azure Policy to process the results of
- auditing Linux virtual machines that do not have the specified applications
- installed. For more information on Guest Configuration policies, please visit
- https://aka.ms/gcpol","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imagePublisher","in":["microsoft-aks","AzureDatabricks","qubole-inc","datastax","couchbase","scalegrid","checkpoint","paloaltonetworks"]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","like":"CentOS*"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"osa"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","notLike":"7*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","like":"SLES*"},{"field":"Microsoft.Compute/imageSKU","notLike":"11*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","notLike":"12*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-dsvm"},{"field":"Microsoft.Compute/imageOffer","in":["linux-data-science-vm-ubuntu","azureml"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","notLike":"6*"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-altus-centos-os"}]},{"allOf":[{"field":"Microsoft.Compute/imagePub
lisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","like":"linux*"}]}]}]},{"allOf":[{"field":"type","equals":"Microsoft.HybridCompute/machines"},{"field":"Microsoft.HybridCompute/imageOffer","like":"linux*"}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"installed_application_linux","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004","type":"Microsoft.Authorization/policyDefinitions","name":"fee5cb2b-9d9b-410e-afe3-2902d90d0004"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Do not allow
+ privileged containers in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy does not allow privileged containers creation in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4","type":"Microsoft.Authorization/policyDefinitions","name":"95edb821-ddaf-4404-9732-666045e056b4"}'
headers:
cache-control:
- no-cache
content-length:
- - '3192'
+ - '1221'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:40 GMT
+ - Fri, 06 Dec 2019 22:20:35 GMT
expires:
- '-1'
pragma:
@@ -34707,16 +48410,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''feedbf84-6b99-488c-acc2-71c829aa5ffc'' could not be found."}}'
+ ''a22f4a40-01d3-4c7d-8071-da157eeff341'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34725,7 +48428,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:40 GMT
+ - Fri, 06 Dec 2019 22:20:38 GMT
expires:
- '-1'
pragma:
@@ -34751,28 +48454,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"Vulnerabilities on your SQL databases
- should be remediated","policyType":"BuiltIn","mode":"Indexed","description":"Monitor
- Vulnerability Assessment scan results and recommendations for how to remediate
- database vulnerabilities.","metadata":{"category":"Security Center"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","in":["OffByPolicy","Healthy"]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage certificates issued
+ by a non-integrated CA","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates are issued by a specified non-integrated Certificate
+ Authority.","metadata":{"category":"Key Vault","preview":true},"parameters":{"caCommonName":{"type":"String","metadata":{"displayName":"The
+ common name of the certificate authority","description":"The common name (CN)
+ of the Certificate Authority (CA) provider. For example, for an issuer CN
+ = Contoso, OU = .., DC = .., you can specify Contoso"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName","notContains":"[parameters(''caCommonName'')]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341","type":"Microsoft.Authorization/policyDefinitions","name":"a22f4a40-01d3-4c7d-8071-da157eeff341"}'
headers:
cache-control:
- no-cache
content-length:
- - '1092'
+ - '1167'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:40 GMT
+ - Fri, 06 Dec 2019 22:20:39 GMT
expires:
- '-1'
pragma:
@@ -34802,16 +48508,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''0f636243-1b1c-4d50-880f-310f6199f2cb'' could not be found."}}'
+ ''a2d3ed81-8d11-4079-80a5-1faadc0024f4'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34820,7 +48526,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:40 GMT
+ - Fri, 06 Dec 2019 22:20:41 GMT
expires:
- '-1'
pragma:
@@ -34846,33 +48552,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Ensure containers
- listen only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy enforces containers to listen only on allowed ports in an Azure Kubernetes
- Service cluster. Limited Preview policies only work for registered subscriptions.
- To register, please go to https://aka.ms/akspolicyonboarding. For instruction
- on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"allowedContainerPortsRegex":{"type":"String","metadata":{"displayName":"Allowed
- container ports regex","description":"Regex representing container ports allowed
- in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerPortsRegex":"[parameters(''allowedContainerPortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb","type":"Microsoft.Authorization/policyDefinitions","name":"0f636243-1b1c-4d50-880f-310f6199f2cb"}'
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Ensure CPU and
+ memory resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy ensures CPU and memory resource limits are defined on containers in
+ an Azure Kubernetes Service cluster. Limited Preview policies only work for
+ registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
+ For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
+ service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"}'
headers:
cache-control:
- no-cache
content-length:
- - '1647'
+ - '1347'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:40 GMT
+ - Fri, 06 Dec 2019 22:20:43 GMT
expires:
- '-1'
pragma:
@@ -34902,16 +48606,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''16c6ca72-89d2-4798-b87e-496f9de7fcb7'' could not be found."}}'
+ ''a74d8f00-2fd9-4ce4-968e-0ee1eb821698'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -34920,7 +48624,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:41 GMT
+ - Fri, 06 Dec 2019 22:20:45 GMT
expires:
- '-1'
pragma:
@@ -34946,33 +48650,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Enforce labels on
- pods in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy enforces the specified labels are provided for pods in an Azure Kubernetes
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Enforce internal
+ load balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy enforces load balancers do not have public IPs in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"commaSeparatedListOfLabels":{"type":"String","metadata":{"displayName":"Comma-separated
- list of labels","description":"A comma-separated list of labels to be specified
- on Pods in Kubernetes cluster. E.g. test1,test2"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"PodEnforceLabels","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego","policyParameters":{"commaSeparatedListOfLabels":"[parameters(''commaSeparatedListOfLabels'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7","type":"Microsoft.Authorization/policyDefinitions","name":"16c6ca72-89d2-4798-b87e-496f9de7fcb7"}'
+ service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"}'
headers:
cache-control:
- no-cache
content-length:
- - '1592'
+ - '1299'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:41 GMT
+ - Fri, 06 Dec 2019 22:20:47 GMT
expires:
- '-1'
pragma:
@@ -35002,16 +48704,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''25dee3db-6ce0-4c02-ab5d-245887b24077'' could not be found."}}'
+ ''b2fd3e59-6390-4f2b-8247-ea676bd03e2d'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35020,7 +48722,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:42 GMT
+ - Fri, 06 Dec 2019 22:20:49 GMT
expires:
- '-1'
pragma:
@@ -35046,33 +48748,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Ensure services listen
- only on allowed ports in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy enforces services to listen only on allowed ports in an Azure Kubernetes
- Service cluster. Limited Preview policies only work for registered subscriptions.
- To register, please go to https://aka.ms/akspolicyonboarding. For instruction
- on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"allowedServicePortsRegex":{"type":"String","metadata":{"displayName":"Allowed
- service ports regex","description":"Regex representing service ports allowed
- in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ServiceAllowedPorts","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedServicePortsRegex":"[parameters(''allowedServicePortsRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077","type":"Microsoft.Authorization/policyDefinitions","name":"25dee3db-6ce0-4c02-ab5d-245887b24077"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Enforce unique
+ ingress hostnames across namespaces in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in a Kubernetes
+ cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d","type":"Microsoft.Authorization/policyDefinitions","name":"b2fd3e59-6390-4f2b-8247-ea676bd03e2d"}'
headers:
cache-control:
- no-cache
content-length:
- - '1629'
+ - '1251'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:42 GMT
+ - Fri, 06 Dec 2019 22:20:50 GMT
expires:
- '-1'
pragma:
@@ -35102,16 +48800,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''2fbff515-eecc-4b7e-9b63-fcc7138b7dc3'' could not be found."}}'
+ ''bd78111f-4953-4367-9fd5-7e08808b54bf'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35120,7 +48818,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:43 GMT
+ - Fri, 06 Dec 2019 22:20:52 GMT
expires:
- '-1'
pragma:
@@ -35146,31 +48844,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Enforce HTTPS ingress
- in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited
- Preview policies only work for registered subscriptions. To register, please
- go to https://aka.ms/akspolicyonboarding. For instruction on using this policy,
- please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"HttpsIngressOnly","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3","type":"Microsoft.Authorization/policyDefinitions","name":"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage allowed curve names
+ for elliptic curve cryptography certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the allowed elliptic curve names for elliptic curve cryptography
+ certificates.","metadata":{"category":"Key Vault","preview":true},"parameters":{"allowedECNames":{"type":"Array","metadata":{"displayName":"Allowed
+ elliptic curve names","description":"The list of allowed curve names for elliptic
+ curve cryptography certificates."},"allowedValues":["P-256","P-256K","P-384","P-521"],"defaultValue":["P-256","P-256K","P-384","P-521"]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["EC","EC-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName","notIn":"[parameters(''allowedECNames'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf","type":"Microsoft.Authorization/policyDefinitions","name":"bd78111f-4953-4367-9fd5-7e08808b54bf"}'
headers:
cache-control:
- no-cache
content-length:
- - '1247'
+ - '1328'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:43 GMT
+ - Fri, 06 Dec 2019 22:20:54 GMT
expires:
- '-1'
pragma:
@@ -35200,16 +48897,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''5f86cb6e-c4da-441b-807c-44bd0cc14e66'' could not be found."}}'
+ ''cee51871-e572-4576-855c-047c820360f0'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35218,7 +48915,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:43 GMT
+ - Fri, 06 Dec 2019 22:20:56 GMT
expires:
- '-1'
pragma:
@@ -35244,34 +48941,29 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Ensure only allowed
- container images in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy ensures only allowed container images are running in an Azure Kubernetes
- Service cluster. Limited Preview policies only work for registered subscriptions.
- To register, please go to https://aka.ms/akspolicyonboarding. For instruction
- on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
- container images regex","description":"Regex representing container images
- allowed in Kubernetes cluster. E.g. Regex of azure container registry images
- is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerAllowedImages","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego","policyParameters":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66","type":"Microsoft.Authorization/policyDefinitions","name":"5f86cb6e-c4da-441b-807c-44bd0cc14e66"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage minimum key size for
+ RSA certificates","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages the minimum key size for RSA certificates.","metadata":{"category":"Key
+ Vault","preview":true},"parameters":{"minimumRSAKeySize":{"type":"Integer","metadata":{"displayName":"Minimum
+ RSA key size","description":"The minimum key size for RSA certificates."},"allowedValues":[2048,3072,4096]},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType","in":["RSA","RSA-HSM"]},{"field":"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize","less":"[parameters(''minimumRSAKeySize'')]"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0","type":"Microsoft.Authorization/policyDefinitions","name":"cee51871-e572-4576-855c-047c820360f0"}'
headers:
cache-control:
- no-cache
content-length:
- - '1656'
+ - '1153'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:43 GMT
+ - Fri, 06 Dec 2019 22:20:58 GMT
expires:
- '-1'
pragma:
@@ -35301,16 +48993,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''7ce7ac02-a5c6-45d6-8d1b-844feb1c1531'' could not be found."}}'
+ ''d011d9f7-ba32-4005-b727-b3d09371ca60'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35319,7 +49011,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:43 GMT
+ - Fri, 06 Dec 2019 22:21:00 GMT
expires:
- '-1'
pragma:
@@ -35345,31 +49037,31 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Do not allow privileged
- containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy does not allow privileged containers creation in an Azure Kubernetes
+ string: '{"properties":{"displayName":"[Limited Preview]: [AKS] Enforce unique
+ ingress hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
+ policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
Service cluster. Limited Preview policies only work for registered subscriptions.
To register, please go to https://aka.ms/akspolicyonboarding. For instruction
on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerNoPrivilege","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531","type":"Microsoft.Authorization/policyDefinitions","name":"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"}'
+ or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"}'
headers:
cache-control:
- no-cache
content-length:
- - '1291'
+ - '1325'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:44 GMT
+ - Fri, 06 Dec 2019 22:21:01 GMT
expires:
- '-1'
pragma:
@@ -35399,16 +49091,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a2d3ed81-8d11-4079-80a5-1faadc0024f4'' could not be found."}}'
+ ''e345eecc-fa47-480f-9e88-67dcc122b164'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35417,7 +49109,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:44 GMT
+ - Fri, 06 Dec 2019 22:21:04 GMT
expires:
- '-1'
pragma:
@@ -35443,31 +49135,35 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Ensure CPU and memory
- resource limits defined on containers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy ensures CPU and memory resource limits are defined on containers in
- an Azure Kubernetes Service cluster. Limited Preview policies only work for
- registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding.
- For instruction on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"ContainerResourceLimits","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4","type":"Microsoft.Authorization/policyDefinitions","name":"a2d3ed81-8d11-4079-80a5-1faadc0024f4"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Ensure container
+ CPU and memory resource limits do not exceed the specified limits in Kubernetes
+ cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures container CPU and memory resource limits are defined and do
+ not exceed the specified limits in a Kubernetes cluster. For instructions
+ on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"cpuLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed CPU units","description":"The maximum CPU units allowed for a container.
+ E.g. 200m. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"memoryLimit":{"type":"String","metadata":{"displayName":"Max
+ allowed memory bytes","description":"The maximum memory bytes allowed for
+ a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml","values":{"cpuLimit":"[parameters(''cpuLimit'')]","memoryLimit":"[parameters(''memoryLimit'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164","type":"Microsoft.Authorization/policyDefinitions","name":"e345eecc-fa47-480f-9e88-67dcc122b164"}'
headers:
cache-control:
- no-cache
content-length:
- - '1341'
+ - '1882'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:44 GMT
+ - Fri, 06 Dec 2019 22:21:05 GMT
expires:
- '-1'
pragma:
@@ -35497,16 +49193,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''a74d8f00-2fd9-4ce4-968e-0ee1eb821698'' could not be found."}}'
+ ''f772fb64-8e40-40ad-87bc-7706e1949427'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35515,7 +49211,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:45 GMT
+ - Fri, 06 Dec 2019 22:21:07 GMT
expires:
- '-1'
pragma:
@@ -35541,31 +49237,30 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Enforce internal load
- balancers in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy enforces load balancers do not have public IPs in an Azure Kubernetes
- Service cluster. Limited Preview policies only work for registered subscriptions.
- To register, please go to https://aka.ms/akspolicyonboarding. For instruction
- on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"LoadBalancersInternal","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698","type":"Microsoft.Authorization/policyDefinitions","name":"a74d8f00-2fd9-4ce4-968e-0ee1eb821698"}'
+ string: '{"properties":{"displayName":"[Preview]: Manage certificates that are
+ within a specified number of days of expiration","policyType":"BuiltIn","mode":"Microsoft.KeyVault.Data","description":"This
+ policy manages certificates that are within a specified number of days to
+ their expiration date.","metadata":{"category":"Key Vault","preview":true},"parameters":{"daysToExpire":{"type":"Integer","metadata":{"displayName":"Days
+ to expire","description":"The number of days for a certificate to expire."}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["audit","deny","disabled"],"defaultValue":"audit"}},"policyRule":{"if":{"field":"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn","lessOrEquals":"[addDays(utcNow(),
+ parameters(''daysToExpire''))]"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427","type":"Microsoft.Authorization/policyDefinitions","name":"f772fb64-8e40-40ad-87bc-7706e1949427"}'
headers:
cache-control:
- no-cache
content-length:
- - '1293'
+ - '1093'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:45 GMT
+ - Fri, 06 Dec 2019 22:21:09 GMT
expires:
- '-1'
pragma:
@@ -35595,16 +49290,16 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60?api-version=2019-06-01
+ uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469?api-version=2019-09-01
response:
body:
string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy definition
- ''d011d9f7-ba32-4005-b727-b3d09371ca60'' could not be found."}}'
+ ''febd0533-8e55-448f-b837-bd0e06f16469'' could not be found."}}'
headers:
cache-control:
- no-cache
@@ -35613,7 +49308,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:46 GMT
+ - Fri, 06 Dec 2019 22:21:11 GMT
expires:
- '-1'
pragma:
@@ -35639,31 +49334,32 @@ interactions:
ParameterSetName:
- -n
User-Agent:
- - python/3.7.3 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.1 azure-mgmt-resource/4.0.0
- Azure-SDK-For-Python AZURECLI/2.0.72
+ - python/3.8.0 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2
+ azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.77
accept-language:
- en-US
method: GET
- uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60?api-version=2019-06-01
+ uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469?api-version=2019-09-01
response:
body:
- string: '{"properties":{"displayName":"[Limited Preview]: Enforce unique ingress
- hostnames across namespaces in AKS","policyType":"BuiltIn","mode":"Microsoft.ContainerService.Data","description":"This
- policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes
- Service cluster. Limited Preview policies only work for registered subscriptions.
- To register, please go to https://aka.ms/akspolicyonboarding. For instruction
- on using this policy, please go to https://aka.ms/akspolicydoc.","metadata":{"category":"Kubernetes
- service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
- or disable the execution of the policy"},"allowedValues":["EnforceRegoPolicy","Disabled"],"defaultValue":"EnforceRegoPolicy"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ContainerService/managedClusters"},"then":{"effect":"[parameters(''effect'')]","details":{"policyId":"UniqueIngressHostnames","policy":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60","type":"Microsoft.Authorization/policyDefinitions","name":"d011d9f7-ba32-4005-b727-b3d09371ca60"}'
+ string: '{"properties":{"displayName":"[Preview]: [AKS Engine] Ensure only allowed
+ container images in Kubernetes cluster","policyType":"BuiltIn","mode":"Microsoft.Kubernetes.Data","description":"This
+ policy ensures only allowed container images are running in a Kubernetes cluster.
+ For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.","metadata":{"category":"Kubernetes"},"parameters":{"allowedContainerImagesRegex":{"type":"String","metadata":{"displayName":"Allowed
+ container images regex","description":"Regex representing container images
+ allowed in a Kubernetes cluster. E.g. Regex for azure container registry images
+ is ^.+azurecr.io/.+$"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable
+ or disable the execution of the policy"},"allowedValues":["enforceOPAConstraint","disabled"],"defaultValue":"enforceOPAConstraint"}},"policyRule":{"if":{"field":"type","in":["AKS
+ Engine"]},"then":{"effect":"[parameters(''effect'')]","details":{"constraintTemplate":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml","constraint":"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml","values":{"allowedContainerImagesRegex":"[parameters(''allowedContainerImagesRegex'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469","type":"Microsoft.Authorization/policyDefinitions","name":"febd0533-8e55-448f-b837-bd0e06f16469"}'
headers:
cache-control:
- no-cache
content-length:
- - '1319'
+ - '1579'
content-type:
- application/json; charset=utf-8
date:
- - Tue, 10 Sep 2019 00:22:46 GMT
+ - Fri, 06 Dec 2019 22:21:12 GMT
expires:
- '-1'
pragma:
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_data_policy_rule.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_data_policy_rule.json
index d3ad57d1eb7..9833081c0b3 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_data_policy_rule.json
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_data_policy_rule.json
@@ -1,9 +1,17 @@
{
"if": {
- "field": "Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType",
- "equals": "RSA"
+ "field": "Microsoft.DataCatalog.Data/catalog/entity/type",
+ "equals": "SomeEntityType"
},
"then": {
- "effect": "audit"
+ "effect": "ModifyClassifications",
+ "details": {
+ "classificationsToAdd": [
+ "foo"
+ ],
+ "classificationsToRemove": [
+ "bar"
+ ]
+ }
}
}
\ No newline at end of file
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_groups_def.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_groups_def.json
new file mode 100644
index 00000000000..7cf99ec6887
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_groups_def.json
@@ -0,0 +1 @@
+[{ "name": "group1", "displayName": "Cost Savings" }, { "name": "group2", "displayName": "Organizational" }]
\ No newline at end of file
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_groups_def2.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_groups_def2.json
new file mode 100644
index 00000000000..10589a2522c
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_groups_def2.json
@@ -0,0 +1 @@
+[{"name": "group1", "displayName": "Updated display name"}, {"name": "group2", "displayName": "Organizational"}]
\ No newline at end of file
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_grouping.json b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_grouping.json
new file mode 100644
index 00000000000..d8f430eaa0e
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/sample_policy_set_grouping.json
@@ -0,0 +1 @@
+[{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "policyDefinitionReferenceId": "1", "groupNames": ["group1", "group2"], "parameters": {"allowedLocations": {"value": ["eastus"]}}}, {"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "policyDefinitionReferenceId": "2", "groupNames": ["group1"], "parameters": {"allowedLocations": {"value": ["eastus"]}}}]
\ No newline at end of file
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py
index d339f55d4c3..474e38d80b6 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py
@@ -772,7 +772,7 @@ def resource_policyset_operations(self, resource_group, management_group=None, s
'dpn': self.create_random_name('azure-cli-test-data-policy', 30),
'dpdn': self.create_random_name('test_data_policy', 20),
'dp_desc': 'desc_for_test_data_policy_123',
- 'dp_mode': 'Microsoft.KeyVault.Data',
+ 'dp_mode': 'Microsoft.DataCatalog.Data',
'psn': self.create_random_name('azure-cli-test-policyset', 30),
'psdn': self.create_random_name('test_policyset', 20),
'ps_desc': 'desc_for_test_policyset_123',
@@ -1002,7 +1002,7 @@ def test_resource_policy_identity(self, resource_group, resource_group_location)
self.cmd('policy assignment delete -n {pan} -g {rg}')
@ResourceGroupPreparer(name_prefix='cli_test_policy_management_group')
- @AllowLargeResponse()
+ @AllowLargeResponse(4096)
def test_resource_policy_management_group(self, resource_group):
management_group_name = self.create_random_name('cli-test-mgmt-group', 30)
self.cmd('account management-group create -n ' + management_group_name)
@@ -1021,17 +1021,17 @@ def test_resource_policy_subscription_id(self, resource_group):
if not self.in_recording:
with mock.patch('azure.cli.command_modules.resource.custom._get_subscription_id_from_subscription',
return_value=MOCKED_SUBSCRIPTION_ID):
- self.resource_policy_operations(resource_group, None, 'e78961ba-36fe-4739-9212-e3031b4c8db7')
+ self.resource_policy_operations(resource_group, None, 'f67cc918-f64f-4c3f-aa24-a855465f9d41')
else:
- self.resource_policy_operations(resource_group, None, 'e78961ba-36fe-4739-9212-e3031b4c8db7')
+ self.resource_policy_operations(resource_group, None, 'f67cc918-f64f-4c3f-aa24-a855465f9d41')
@ResourceGroupPreparer(name_prefix='cli_test_policyset')
- @AllowLargeResponse()
+ @AllowLargeResponse(4096)
def test_resource_policyset_default(self, resource_group):
self.resource_policyset_operations(resource_group)
@ResourceGroupPreparer(name_prefix='cli_test_policyset_management_group')
- @AllowLargeResponse()
+ @AllowLargeResponse(4096)
def test_resource_policyset_management_group(self, resource_group):
management_group_name = self.create_random_name('cli-test-mgmt-group', 30)
self.cmd('account management-group create -n ' + management_group_name)
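Review bot: The literal `'f67cc918-f64f-4c3f-aa24-a855465f9d41'` appears in both branches here and twice more in `test_resource_policyset_subscription_id` in the next hunk, so every re-recording has to change four call sites in step. A single module-level constant, for example `RECORDING_SUBSCRIPTION_ID = 'f67cc918-f64f-4c3f-aa24-a855465f9d41'`, would fix that. It should carry a comment saying what the value is (presumably the subscription the recording was made against) and that it must match the recording. `test_resource_policy_subscription_id` starts outside this hunk.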
@@ -1042,16 +1042,80 @@ def test_resource_policyset_management_group(self, resource_group):
@record_only()
@ResourceGroupPreparer(name_prefix='cli_test_policyset_subscription_id')
- @AllowLargeResponse()
+ @AllowLargeResponse(4096)
def test_resource_policyset_subscription_id(self, resource_group):
# under playback, we mock it so the subscription id will be '00000000...' and it will match
# the same sanitized value in the recording
if not self.in_recording:
with mock.patch('azure.cli.command_modules.resource.custom._get_subscription_id_from_subscription',
return_value=MOCKED_SUBSCRIPTION_ID):
- self.resource_policyset_operations(resource_group, None, 'e78961ba-36fe-4739-9212-e3031b4c8db7')
+ self.resource_policyset_operations(resource_group, None, 'f67cc918-f64f-4c3f-aa24-a855465f9d41')
else:
- self.resource_policyset_operations(resource_group, None, 'e78961ba-36fe-4739-9212-e3031b4c8db7')
+ self.resource_policyset_operations(resource_group, None, 'f67cc918-f64f-4c3f-aa24-a855465f9d41')
+
+ @ResourceGroupPreparer(name_prefix='cli_test_policyset_grouping')
+ @AllowLargeResponse()
+ def test_resource_policyset_grouping(self, resource_group):
+ curr_dir = os.path.dirname(os.path.realpath(__file__))
+
+ self.kwargs.update({
+ 'pn': self.create_random_name('azure-cli-test-policy', 30),
+ 'pdn': self.create_random_name('test_policy', 20),
+ 'psn': self.create_random_name('azure-cli-test-policyset', 30),
+ 'psdn': self.create_random_name('test_policyset', 20),
+ 'rf': os.path.join(curr_dir, 'sample_policy_rule.json').replace('\\', '\\\\'),
+ 'psf': os.path.join(curr_dir, 'sample_policy_set_grouping.json').replace('\\', '\\\\'),
+ 'pgf': os.path.join(curr_dir, 'sample_policy_groups_def.json').replace('\\', '\\\\'),
+ 'pgf2': os.path.join(curr_dir, 'sample_policy_groups_def2.json').replace('\\', '\\\\'),
+ 'pdf': os.path.join(curr_dir, 'sample_policy_param_def.json').replace('\\', '\\\\')
+ })
+
+ # create a policy
+ policy = self.cmd('policy definition create -n {pn} --rules {rf} --params {pdf} --display-name {pdn}').get_output_in_json()
+
+ # create a policy set
+ policyset = get_file_json(self.kwargs['psf'])
+ policyset[0]['policyDefinitionId'] = policy['id']
+ policyset[1]['policyDefinitionId'] = policy['id']
+ with open(os.path.join(curr_dir, 'sample_policy_set_grouping.json'), 'w') as outfile:
+ json.dump(policyset, outfile)
+
+ self.cmd('policy set-definition create -n {psn} --definitions @"{psf}" --display-name {psdn} --definition-groups @"{pgf}"', checks=[
+ self.check('name', '{psn}'),
+ self.check('displayName', '{psdn}'),
+ self.check('length(policyDefinitionGroups)', 2),
+ self.check("length(policyDefinitionGroups[?name=='group1'])", 1),
+ self.check("length(policyDefinitionGroups[?name=='group2'])", 1),
+ self.check('length(policyDefinitions[0].groupNames)', 2),
+ self.check('length(policyDefinitions[1].groupNames)', 1)
+ ])
+
+ # update the groups
+ groups = get_file_json(self.kwargs['pgf'])
+ groups[0]['displayName'] = "Updated display name"
+ with open(os.path.join(curr_dir, 'sample_policy_groups_def2.json'), 'w') as outfile:
+ json.dump(groups, outfile)
+
+ self.cmd('policy set-definition update -n {psn} --definition-groups @"{pgf2}"', checks=[
+ self.check('length(policyDefinitionGroups)', 2),
+ self.check("length(policyDefinitionGroups[?name=='group1'])", 1),
+ self.check("length(policyDefinitionGroups[?name=='group2'])", 1),
+ self.check("length(policyDefinitionGroups[?displayName=='Updated display name\'])", 1)
+ ])
+
+ # show it
+ self.cmd('policy set-definition show -n {psn}',
+ checks=self.check('length(policyDefinitionGroups)', 2))
+
+ # delete the policy set
+ self.cmd('policy set-definition delete -n {psn}')
+ time.sleep(10) # ensure the policy is gone when run live.
+
+ self.cmd('policy set-definition list',
+ checks=self.check("length([?name=='{psn}'])", 0))
+
+ # delete the policy
+ self.cmd('policy definition delete -n {pn}')
@AllowLargeResponse(8192)
def test_show_built_in_policy(self):
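Review bot: `test_resource_policyset_grouping` writes its intermediate JSON back into the test directory, overwriting the checked-in fixtures `sample_policy_set_grouping.json` and `sample_policy_groups_def2.json` on every run. In a live run `policy['id']` presumably carries the real subscription id, so the working tree ends up holding an unsanitized identifier that is easy to commit by accident, and the test cannot run from a read-only checkout. Writing the two generated files to a scratch directory and pointing `psf` and `pgf2` at them keeps the fixtures as inputs only; this needs `tempfile` in scope, which the hunk does not show. Separately, the `\'` in the `displayName` check is a redundant escape inside a double-quoted string.

```python
# … unchanged: kwargs setup and `policy definition create` …
policyset[1]['policyDefinitionId'] = policy['id']
scratch_dir = tempfile.mkdtemp()
psf_generated = os.path.join(scratch_dir, 'policy_set_grouping.json')
with open(psf_generated, 'w') as outfile:
    json.dump(policyset, outfile)
self.kwargs['psf'] = psf_generated.replace('\\', '\\\\')
# … unchanged: `policy set-definition create` and its checks …
groups[0]['displayName'] = "Updated display name"
pgf2_generated = os.path.join(scratch_dir, 'policy_groups_def2.json')
with open(pgf2_generated, 'w') as outfile:
    json.dump(groups, outfile)
self.kwargs['pgf2'] = pgf2_generated.replace('\\', '\\\\')
# … unchanged: `policy set-definition update`, show, delete and list …
```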
@@ -1079,7 +1143,7 @@ def test_managedappdef(self, resource_group):
'adn': self.create_random_name('testappdefname', 20),
'addn': self.create_random_name('test_appdef', 20),
'ad_desc': 'test_appdef_123',
- 'uri': 'https://testclinew.blob.core.windows.net/files/vivekMAD.zip',
+ 'uri': 'https://raw.githubusercontent.com/Azure/azure-managedapp-samples/master/Managed%20Application%20Sample%20Packages/201-managed-storage-account/managedstorage.zip',
'auth': '5e91139a-c94b-462e-a6ff-1ee95e8aac07:8e3af657-a8ff-443c-a75c-2fe8c4bcb635',
'lock': 'None'
})
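Review bot: The new `uri` fetches the managed-application package from the `master` branch of Azure/azure-managedapp-samples, so the zip behind this test can change without any change in this repository. Pinning the path to a commit, e.g. `.../azure-managedapp-samples/<commit-sha>/Managed%20Application%20Sample%20Packages/201-managed-storage-account/managedstorage.zip`, would keep live runs and re-recordings reproducible and make a changed package visible in review. `test_managedappdef` starts before and continues past this hunk.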
diff --git a/src/azure-cli/requirements.py2.Darwin.txt b/src/azure-cli/requirements.py2.Darwin.txt
index 9a030f8de15..e08725f2f31 100644
--- a/src/azure-cli/requirements.py2.Darwin.txt
+++ b/src/azure-cli/requirements.py2.Darwin.txt
@@ -67,7 +67,7 @@ azure-mgmt-recoveryservicesbackup==0.4.0
azure-mgmt-redis==6.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-reservations==0.6.0
-azure-mgmt-resource==4.0.0
+azure-mgmt-resource==6.0.0
azure-mgmt-search==2.1.0
azure-mgmt-security==0.1.0
azure-mgmt-servicebus==0.6.0
diff --git a/src/azure-cli/requirements.py2.Linux.txt b/src/azure-cli/requirements.py2.Linux.txt
index 9a030f8de15..e08725f2f31 100644
--- a/src/azure-cli/requirements.py2.Linux.txt
+++ b/src/azure-cli/requirements.py2.Linux.txt
@@ -67,7 +67,7 @@ azure-mgmt-recoveryservicesbackup==0.4.0
azure-mgmt-redis==6.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-reservations==0.6.0
-azure-mgmt-resource==4.0.0
+azure-mgmt-resource==6.0.0
azure-mgmt-search==2.1.0
azure-mgmt-security==0.1.0
azure-mgmt-servicebus==0.6.0
diff --git a/src/azure-cli/requirements.py2.windows.txt b/src/azure-cli/requirements.py2.windows.txt
index 2cf70976d94..965873c3d8c 100644
--- a/src/azure-cli/requirements.py2.windows.txt
+++ b/src/azure-cli/requirements.py2.windows.txt
@@ -66,7 +66,7 @@ azure-mgmt-recoveryservicesbackup==0.4.0
azure-mgmt-redis==6.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-reservations==0.6.0
-azure-mgmt-resource==4.0.0
+azure-mgmt-resource==6.0.0
azure-mgmt-search==2.1.0
azure-mgmt-security==0.1.0
azure-mgmt-servicebus==0.6.0
diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt
index cdb9eb03fc2..19c1eeb1f2b 100644
--- a/src/azure-cli/requirements.py3.Darwin.txt
+++ b/src/azure-cli/requirements.py3.Darwin.txt
@@ -67,7 +67,7 @@ azure-mgmt-recoveryservicesbackup==0.4.0
azure-mgmt-redis==6.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-reservations==0.6.0
-azure-mgmt-resource==4.0.0
+azure-mgmt-resource==6.0.0
azure-mgmt-search==2.1.0
azure-mgmt-security==0.1.0
azure-mgmt-servicebus==0.6.0
diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt
index cdb9eb03fc2..19c1eeb1f2b 100644
--- a/src/azure-cli/requirements.py3.Linux.txt
+++ b/src/azure-cli/requirements.py3.Linux.txt
@@ -67,7 +67,7 @@ azure-mgmt-recoveryservicesbackup==0.4.0
azure-mgmt-redis==6.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-reservations==0.6.0
-azure-mgmt-resource==4.0.0
+azure-mgmt-resource==6.0.0
azure-mgmt-search==2.1.0
azure-mgmt-security==0.1.0
azure-mgmt-servicebus==0.6.0
diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt
index 96299c45372..636f2e51b11 100644
--- a/src/azure-cli/requirements.py3.windows.txt
+++ b/src/azure-cli/requirements.py3.windows.txt
@@ -66,7 +66,7 @@ azure-mgmt-recoveryservicesbackup==0.4.0
azure-mgmt-redis==6.0.0
azure-mgmt-relay==0.1.0
azure-mgmt-reservations==0.6.0
-azure-mgmt-resource==4.0.0
+azure-mgmt-resource==6.0.0
azure-mgmt-search==2.1.0
azure-mgmt-security==0.1.0
azure-mgmt-servicebus==0.6.0
diff --git a/src/azure-cli/setup.py b/src/azure-cli/setup.py
index 861fcfad397..82ccf70376a 100644
--- a/src/azure-cli/setup.py
+++ b/src/azure-cli/setup.py
@@ -114,7 +114,7 @@
'azure-mgmt-relay~=0.1.0',
# 'azure-mgmt-reservations~=0.6.0',
'azure-mgmt-reservations==0.6.0', # TODO: Use requirements.txt instead of '==' #9781
- 'azure-mgmt-resource~=4.0',
+ 'azure-mgmt-resource~=6.0',
'azure-mgmt-search~=2.0',
'azure-mgmt-security~=0.1.0',
'azure-mgmt-servicebus~=0.6.0',